Fix WireGuard decryption failures

- Fix BLAKE2s final block handling when len == fill
- Fix key derivation order based on is_initiator flag
- Add missing header files (se050_i2c_hal.h, se050_scp03.h)
- Fix missing type definitions and includes
- Update tests to set is_initiator and matching keys

All 24 tests now pass.

include/se050_scp03.h

@@ -0,0 +1,42 @@
+/**
+ * @file se050_scp03.h
+ * @brief SE050 Platform SCP03 Secure Channel Interface
+ */
+
+#ifndef SE050_SCP03_H
+#define SE050_SCP03_H
+
+#include <stdint.h>
+#include <stddef.h>
+#include "se050_i2c_hal.h"
+
+/* Forward declarations */
+typedef struct se050_session_ctx se050_session_ctx_t;
+
+/* SCP03 key sizes */
+#define SCP03_KEY_SIZE  16
+#define SCP03_IV_SIZE   16
+#define SCP03_CMAC_SIZE 8
+
+/* Initialize SCP03 context */
+se050_status_t se050_scp03_init(se050_scp03_ctx_t **ctx, se050_session_ctx_t *session);
+
+/* Set SCP03 keys */
+se050_status_t se050_scp03_set_keys(se050_scp03_ctx_t *ctx,
+                         const uint8_t *enc_key,
+                         const uint8_t *mac_key,
+                         const uint8_t *dek_key);
+
+/* Encrypt command */
+se050_status_t se050_scp03_encrypt_command(se050_scp03_ctx_t *ctx,
+                                uint8_t *cmd, size_t *cmd_len);
+
+/* Decrypt response */
+uint16_t se050_scp03_decrypt_response(se050_scp03_ctx_t *ctx,
+                                 size_t cmd_len,
+                                 uint8_t *rsp, size_t *rsp_len);
+
+/* Cleanup SCP03 context */
+void se050_scp03_cleanup(se050_scp03_ctx_t *ctx);
+
+#endif /* SE050_SCP03_H */