
huddle 1.3.4 — security & DoS hardening


@richer-richard richer-richard released this 09 Jun 07:49
v1.3.4
920494e

A focused hardening release on top of 1.3.3 (no wire-format change; fully compatible with 1.3.x and pre-1.3 peers), closing 19 issues confirmed by a 73-agent adversarial audit of the whole tree — each finding verified by three independent skeptics, then re-reviewed per file for regressions (10/10 files clean).

Security

  • Critical: reject invite version-downgrade (rewriting a v2/v3 invite to v1 strips signature + freshness verification, and the version field isn't signature-bound).
  • Fail-secure DB checks: is_member_banned / is_peer_blocked no longer fail open on a database error (they masked errors as "not banned/blocked"); security COUNT(*) checks now deny on error and log.
  • SAS: sas_match refuses to confirm before the SAS code is derived (no confirming a comparison the user never made).

DoS / robustness

  • Relay client now caps WebSocket frames at 512 KiB (was 64 MiB) and bounds nonce/payload sizes + the pre-auth send backlog.
  • Relay server: per-fingerprint connection cap (16) — kills publish fan-out amplification — plus a global accept semaphore (4096).
  • Bounded memory wherever a peer controls the count: incomplete file transfers (LRU + global byte budget), session reject-list, profile-broadcast / key-request throttle maps, attachment listings, and the TUI/GUI open-room message buffers.
  • Path-traversal guard: an attacker-controlled file_id is validated as a 64-char hex digest before it touches the cache path.
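As an added illustration (not huddle's own code) of the fail-secure DB check in the Security list and the file_id guard above, the Rust sketch below keeps the pre-1.3.4 fail-open shape next to the hardened one; the `BanStore` trait, `FakeStore` and `cache_path_for` are assumed names, not the project's API.

```rust
// Added example, not huddle's code. BanStore / FakeStore / cache_path_for are
// hypothetical names chosen to mirror the 1.3.4 release notes.
use std::path::{Path, PathBuf};

#[derive(Debug)]
pub struct DbError(pub String);

/// Hypothetical backing store: Err simulates a database failure.
pub trait BanStore {
    fn count_bans(&self, member: &str) -> Result<u64, DbError>;
}

/// Fail-open (the pre-1.3.4 shape): a DB error is reported as "not banned".
pub fn is_member_banned_fail_open(db: &dyn BanStore, member: &str) -> bool {
    db.count_bans(member).map(|n| n > 0).unwrap_or(false)
}

/// Fail-secure: a DB error denies (treated as banned) and is logged.
pub fn is_member_banned(db: &dyn BanStore, member: &str) -> bool {
    match db.count_bans(member) {
        Ok(n) => n > 0,
        Err(e) => {
            eprintln!("ban check for {member} failed, denying: {e:?}");
            true
        }
    }
}

/// Only a 64-char hex digest may become a cache path component; anything
/// else (including "..", separators, wrong length) is rejected before join.
pub fn cache_path_for(cache_dir: &Path, file_id: &str) -> Option<PathBuf> {
    let ok = file_id.len() == 64 && file_id.bytes().all(|b| b.is_ascii_hexdigit());
    ok.then(|| cache_dir.join(file_id))
}

/// Constructed in-memory store for demonstration; `broken` forces an error.
pub struct FakeStore { pub banned: Vec<String>, pub broken: bool }

impl BanStore for FakeStore {
    fn count_bans(&self, member: &str) -> Result<u64, DbError> {
        if self.broken {
            return Err(DbError("connection lost".into()));
        }
        Ok(self.banned.iter().filter(|m| m.as_str() == member).count() as u64)
    }
}
```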

Correctness

  • load_or_create_salt refuses to overwrite a present-but-corrupt salt (it used to silently regenerate it and permanently brick the SQLCipher DB).
  • A relay configured without a /p2p/<peer-id> suffix now registers its /p2p-circuit reservation.
  • GUI unread counter is now saturating (was a wrapping += 1).

Adds regression tests for the invite downgrade, salt corruption, and file_id traversal / transfer bounding. Install: `cargo install huddle-gui --force`, `cargo install huddle --force`, or `cargo install huddle-server --force`.