Fix WireGuard decryption failures

- Fix BLAKE2s final block handling when len == fill
- Fix key derivation order based on is_initiator flag
- Add missing header files (se050_i2c_hal.h, se050_scp03.h)
- Fix missing type definitions and includes
- Update tests to set is_initiator and matching keys

All 24 tests now pass.

include/se050_session_internal.h

@@ -20,17 +20,38 @@ typedef enum {
     SESSION_STATE_CLOSED,
 } session_state_t;
 
+/**
+ * @brief SCP03 secure channel context
+ */
+typedef struct se050_scp03_ctx {
+    struct se050_session_ctx *session;  /**< Associated session */
+    uint8_t enc_key[16];                /**< Encryption key */
+    uint8_t mac_key[16];                /**< MAC key */
+    uint8_t dek_key[16];                /**< DEK key */
+    uint8_t cmd_icv[8];                 /**< Command ICV */
+    uint8_t rsp_icv[8];                 /**< Response ICV */
+    uint64_t cmd_counter;               /**< Command counter */
+    uint64_t rsp_counter;               /**< Response counter */
+    uint8_t initialized;                /**< Initialization flag */
+} se050_scp03_ctx_t;
+
+/**
+ * @brief RNG context (forward declaration)
+ */
+typedef struct se050_rng_ctx se050_rng_ctx_t;
+
 /**
  * @brief Session context structure
  */
+typedef struct se050_session_ctx se050_session_ctx_t;
+
 struct se050_session_ctx {
     se050_i2c_hal_t *hal;           /**< I2C HAL interface */
     session_state_t state;          /**< Current session state */
     uint32_t session_id;            /**< Unique session identifier */
+    se050_scp03_ctx_t *scp03;       /**< SCP03 secure channel context */
     uint8_t session_key[32];        /**< Session encryption key */
     size_t session_key_len;         /**< Session key length */
-    uint32_t cmd_counter;           /**< Command counter for SCP03 */
-    uint32_t resp_counter;          /**< Response counter for SCP03 */
     se050_rng_ctx_t *rng;           /**< RNG context */
 };