Add asymmetric key wrapping and schema versioning
Implement x25519-hkdf-a256kw key wrapping: ECDH key agreement via
X25519, HKDF-SHA256 key derivation, and AES-256 key wrap (RFC 3394).
Ciphertext packs ephemeral public key and wrapped content key for
atproto storage.
Add schema version field to all record types (document, grant, keyring)
with compatibility check for forward-safe decentralised record handling.
HKDF domain separation string includes schema version so version bumps
produce distinct derived keys.
Update wrappedKey algorithm from ECDH-ES+A256KW to x25519-hkdf-a256kw
to honestly reflect the KDF choice (HKDF, not JWE Concat KDF).