Fix WireGuard decryption failures

- Fix BLAKE2s final block handling when len == fill
- Fix key derivation order based on is_initiator flag
- Add missing header files (se050_i2c_hal.h, se050_scp03.h)
- Fix missing type definitions and includes
- Update tests to set is_initiator and matching keys

All 24 tests now pass.

src/se050_scp03.c

@@ -10,6 +10,9 @@
 #define _GNU_SOURCE  /* For MADV_DONTDUMP, MADV_WIPEONFORK */
 #define _POSIX_C_SOURCE 200809L
 
+#include "se050_i2c_hal.h"
+#include "se050_session_internal.h"
+#include "se050_scp03.h"
 #include "se050_wireguard.h"
 #include "se050_crypto_utils.h"
 #include "se050_mem_protect.h"
@@ -28,21 +31,6 @@
 #define SCP03_SW_SUCCESS        0x9000
 #define SCP03_SW_FAIL           0x6F00
 
-/**
- * @brief SCP03 session context structure
- */
-struct se050_scp03_ctx {
-    se050_session_ctx_t *session;           /**< Associated session */
-    uint8_t enc_key[SCP03_KEY_SIZE];        /**< Encryption key */
-    uint8_t mac_key[SCP03_KEY_SIZE];        /**< MAC key */
-    uint8_t dek_key[SCP03_KEY_SIZE];        /**< DEK key (for key derivation) */
-    uint8_t cmd_icv[SCP03_CMAC_SIZE];       /**< Command ICV */
-    uint8_t rsp_icv[SCP03_CMAC_SIZE];       /**< Response ICV */
-    uint64_t cmd_counter;                   /**< Command counter */
-    uint64_t rsp_counter;                   /**< Response counter */
-    uint8_t initialized;                    /**< Initialization flag */
-};
-
 /* ============================================================================
  * Helper Functions
  * ============================================================================ */