v0.1.1 — PEP 639 license classifier fix

Why this exists

v0.1.0 failed to publish to PyPI — modern setuptools rejects the legacy License :: OSI Approved :: Apache Software License classifier when a PEP 639 license = \"Apache-2.0\" SPDX expression is already set:

```
setuptools.errors.InvalidConfigError: License classifiers have been superseded by license expressions (see https://peps.python.org/pep-0639/).
```

v0.1.1 drops the legacy classifier. No code changes.

Content

Same as v0.1.0:

• omkit.encryption rewritten Fernet → AES-256-GCM
• Public API unchanged: `generate_key`, `encrypt_value`, `decrypt_value`, `mask_secret`, `InvalidToken`, `InvalidKey`, `KEY_SIZE`
• Wire-compatible with omkit-go v0.1.1

v0.1.0 — AES-256-GCM encryption

Highlights

• omkit.encryption rewritten Fernet → AES-256-GCM. Wire-breaking: tokens minted under v0.0.x cannot be decrypted by v0.1.0. Greenfield rollout — no migration path.
• Public API unchanged: generate_key, encrypt_value, decrypt_value, mask_secret, InvalidToken, InvalidKey, KEY_SIZE.
• Token format: base64url("v1" || nonce(12) || ciphertext || tag(16)). Versioned prefix reserves space for future rotations without byte-sniffing.
• Wire-compatible with omkit-go v0.1.0 — a Go-encrypted token decrypts in Python and vice versa given the shared 32-byte key.
• GCM auth tag catches tamper; wrong key size surfaces InvalidKey.

Breaking

• Cryptographic format. v0.0.x tokens will not decrypt under v0.1.0.
• 14 unit tests cover round-trip, tamper, key-size, version prefix.

Companion release

• omurlabs/omkit-go@v0.1.0 ships the matching Go side.