Feat/secure keybase

[D4ryl00]

Secure keybase via hardware-backed encryption (iOS Secure Enclave / Android Keystore)

Summary

This PR secures the Gno keybase by encrypting keys using a hardware-backed private key that lives in the platform keystore:

• iOS: Keychain protected by the Secure Enclave (when available).
• Android: Android Keystore System (StrongBox/TEE when available).

To enable this, the gnonative framework now implements the gno DB interface.
Only the primitive DB operations are bridged to native code (Swift/Kotlin) via a NativeDBManager, which talks to the Keychain/Keystore for get/set/delete... of raw byte keys and values. Higher-level logic stays in Go.

Design

• DB interface split:

  • Native (Swift/Kotlin): minimal KV primitives only (opaque []byte in/out).
  • Go: implements iterators and any non-primitive behavior on top of the native primitives.

• Iterator protocol:
  Because the Go↔native bridge can only exchange primitive values, iteration is done in chunks.
  Go calls scanChunk(...) repeatedly; native returns a single blob that aggregates multiple key/value pairs.

scanChunk native functions return this blob format:

// Blob layout (all integers are big-endian):
//
//	+---------+-------------------+---------------------------------------+--------------------------+------------------------+
//	| Offset  | Field             | Description                           | Type/Size                | Notes                  |
//	+---------+-------------------+---------------------------------------+--------------------------+------------------------+
//	| 0       | flags             | bit0 = hasMore (1 => more pages)      | uint8 (1 byte)           | other bits reserved    |
//	| 1       | count             | number of K/V pairs that follow       | uint32 (4 bytes, BE)     | N                      |
//	| 5       | pairs[0..N-1]     | repeated K/V frames:                  |                          |                        |
//	|         |  - klen           | key length                            | uint32 (4 bytes, BE)     |                        |
//	|         |  - key            | key bytes                             | klen bytes               |                        |
//	|         |  - vlen           | value length                          | uint32 (4 bytes, BE)     |                        |
//	|         |  - value          | value bytes                           | vlen bytes               |                        |
//	| ...     | nextSeekLen       | length of the nextSeek key            | uint32 (4 bytes, BE)     | 0 if empty             |
//	| ...     | nextSeek          | nextSeek key bytes                    | nextSeekLen bytes        |                        |
//	+---------+-------------------+---------------------------------------+--------------------------+------------------------+
//
// Semantics:
//   - The iterator uses 'hasMore' to know if additional pages exist.
//   - 'nextSeek' is typically the last key of this page; pass it back as 'seekKey' (exclusive)
//     on the next ScanChunk call to continue from the next item.
//   - Keys/values are raw bytes; ordering and range checks are done on the raw key bytes.

[iuricmp]

Tested on IOS.

[github-actions]

🎉 This PR is included in version 4.7.3 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀