Add sync-relay non-regression tests for the linkedDomains payload

[Loule95450]

Context

The sync relay is zero-knowledge: every payload it stores and forwards is an opaque client-side AES-GCM ciphertext (migrations/002_sync.sql, ciphertext BLOB NOT NULL -- AES-GCM(EK, op)). The relay never parses account shapes — it only routes events and snapshots between a user's devices (src/routes/sync.ts, src/store/sync.ts).

Problem

The desktop/extension feature adding linkedDomains to AccountEntry (see Keyfount/desktop and Keyfount/extension) changes the plaintext shape that clients encrypt. Because the relay is content-blind, no server code change is required — but that invariant is currently asserted only implicitly. A regression that made the relay inspect or reject larger/array-bearing payloads would silently break the feature, and nothing guards against it.

Proposed approach

• Add a non-regression test to test/sync.test.ts that pushes and pulls an opaque blob whose decrypted form would carry a linkedDomains array, asserting the relay stores and returns it byte-for-byte.
• Assert the relay remains agnostic to payload size/content: a larger ciphertext (simulating extra linked domains) round-trips through push → snapshot → pull unchanged.
• Confirm tombstone routing is unaffected (identity is still client-defined and opaque to the relay).
• No schema change, no route change — this issue is tests only, codifying the zero-knowledge contract so the cross-repo feature can rely on it.

Acceptance criteria

• test/sync.test.ts covers an opaque payload round-trip representing a linkedDomains-bearing account (push → pull, byte-identical).
• A larger-than-baseline ciphertext round-trips unchanged (no size-based rejection on the happy path).
• Tombstone forwarding test still passes with the new payloads.
• npm run lint, npm run typecheck and npm test pass.

Related issues

• Support subdomains and linked domains in autofill matching extension#91 — companion: client feature that introduces the linkedDomains payload (browser extension)
• Support subdomains and linked domains across the Rust core, app, and iOS AutoFill desktop#72 — companion: client feature that introduces the linkedDomains payload (desktop/mobile + iOS AutoFill)