fix(crypto): align Ed25519 profile verification across TS and Go

[jithinraj]

Summary

Aligns the TypeScript and Go reference verifiers on the PEAC Ed25519 verification profile, with shared edge-vector coverage and fail-closed runtime behavior.

The profile uses cofactorless Ed25519 verification with public-input admissibility checks for small-order public keys and unreduced signature scalars. The TypeScript implementation uses WebCrypto Ed25519 for verification and fails closed when the runtime does not support the required primitive. The Go implementation applies the same admissibility checks before stdlib verification.

Scope

• Adds the shared ed25519-peac-profile edge-vector corpus.
• Adds TypeScript and Go parity tests for the profile.
• Adds verifier runtime-support handling for WebCrypto Ed25519.
• Adds browser-verifier handling for unsupported Ed25519 runtimes.
• Documents the Ed25519 verification profile and runtime requirement.
• Raises Node engine metadata to >=22.13.0 where applicable.
• Adds Apache-2.0 license/notice files for vendored test vectors.

Compatibility

• No wire-format change.
• No schema change.
• No CLI behavior change.
• No signing-output change.
• No new crypto dependency.
• No fallback to a different Ed25519 verification predicate.
• pnpm-lock.yaml is unchanged.
• Malformed or wrong-length Ed25519 signatures are still rejected. At the direct crypto verifier boundary, these inputs now resolve as valid: false instead of surfacing an untyped verifier exception.

Unsupported TypeScript runtimes fail closed instead of silently using a different verifier behavior.

Verification

• pnpm --filter '@peac/crypto' test
• pnpm --filter '@peac/protocol' test
• pnpm --filter '@peac/schema' test
• pnpm test:conformance
• pnpm typecheck:core
• pnpm verify:codegen-drift
• pnpm verify:registries-schema
• pnpm verify:no-widening
• pnpm exec tsx scripts/extract-api-contract.ts --check
• node scripts/conformance/generate-inventory.mjs --check
• bash scripts/ci/forbid-strings.sh
• cd sdks/go && go build ./... && go test ./... -count=1 && go test -race ./... -count=1
• pnpm --filter './apps/verifier' test
• pnpm --filter '@peac/cli' test
• CLI offline verify smoke: valid sample exits 0; tampered sample exits 1