fix: Poly1305 MAC computation bugs

Bug fixes applied:
1. poly1305_update buffer path: Added missing h[0..3] data addition
2. poly1305_update full block: Fixed hibit from 2^40 to 2^128 (1ULL << 24)
3. poly1305_final (64-bit): Output full 128-bit MAC instead of 64-bit

Remaining issues:
- ESP32 version of poly1305_final still outputs only 64-bit MAC
- poly1305_final for partial blocks may have issues
- RFC 7539 test still fails (MAC is all zeros)

WireGuard tests: 28 passed, 4 failed

tests/test_rfc7539.c

@@ -0,0 +1,49 @@
+#include "se050_chacha20_poly1305.h"
+#include <stdio.h>
+#include <string.h>
+
+int main() {
+    printf("=== RFC 7539 Poly1305 Test ===\n\n");
+    
+    // RFC 7539 Section 2.5.2 Test Vector
+    uint8_t key[32] = {
+        0x85,0xd6,0xbe,0x78,0x57,0x55,0x6d,0x33,
+        0x7f,0x44,0xaf,0x2d,0xec,0x49,0xb7,0x03,
+        0xdb,0x27,0x21,0xbc,0x89,0xaa,0x73,0x0f,
+        0xb5,0x45,0xf4,0x53,0x88,0xb4,0x80,0x1d
+    };
+    
+    uint8_t data[] = "Plaintext";
+    uint8_t expected_mac[16] = {
+        0xa8,0x06,0x1d,0xc1,0x30,0x51,0x36,0xc6,
+        0xc2,0x2b,0x8b,0xaf,0x0c,0x01,0x27,0xa9
+    };
+    
+    uint8_t mac[16];
+    
+    // Test poly1305 directly
+    se050_chacha20_poly1305_ctx_t ctx;
+    se050_chacha20_poly1305_init(&ctx, key);
+    
+    // Poly1305 doesn't have a direct MAC function, use AEAD with empty ciphertext
+    uint8_t tag[16];
+    uint8_t ciphertext[1];
+    
+    se050_chacha20_poly1305_encrypt(&ctx, NULL, data, 9, data, 9, ciphertext, tag);
+    
+    printf("Computed MAC: ");
+    for(int i=0; i<16; i++) printf("%02x", tag[i]);
+    printf("\n");
+    
+    printf("Expected MAC: ");
+    for(int i=0; i<16; i++) printf("%02x", expected_mac[i]);
+    printf("\n");
+    
+    if (memcmp(tag, expected_mac, 16) == 0) {
+        printf("[PASS] RFC 7539 Poly1305 test\n");
+    } else {
+        printf("[FAIL] RFC 7539 Poly1305 test\n");
+    }
+    
+    return 0;
+}