Append-only elements and merge documents now carry an Ed25519 author proof
bound to BOTH the payload and the documentKey, so a reader verifies who wrote
each write instead of trusting a self-declared id. TypeScript + Python.

- protocol: signAppendAuthor/verifyAppendAuthor + signDocAuthor/verifyDocAuthor
  over `<domain> + stableStringify({k: documentKey, d: data})`; distinct domain
  tags keep append vs doc signatures from cross-verifying; cross-language vector
  tests/test-vectors/append-author.json
- append-only: `requireAuthorSignature` collection option (DEFAULT on) — server
  requires + verifies the proof and binds authorPubkey to the request presenter
- merge-doc: author proof now travels top-level (previously a no-op inside
  `data`); server verifies it and stores the RAW author pubkey (was the userId
  hash)
- centralize wire-field + auth-header names in protocol constants (no TS/PY drift)
- lockstep version bump of all 20 packages 3.0.0-alpha.7 -> alpha.8

BREAKING: append-only writes require an author signature by default
(`requireAuthorSignature: false` to opt out); signed merge-doc author fields
move from inside `data` to top-level body siblings.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>