v2.2.2 - EventChain round-1 crypto audit fixes

Round-1 audit hardening. Length-prefixed and domain-tagged canonical message for an injective encoding (no field-boundary forgery). Strict canonicalization fails closed on non-JSON values instead of collapsing to null. Lone-surrogate rejection on every signed string. Verify-before-mutate snapshot load. Constant-time signature compare.