Fix WireGuard decryption failures

- Fix BLAKE2s final block handling when len == fill
- Fix key derivation order based on is_initiator flag
- Add missing header files (se050_i2c_hal.h, se050_scp03.h)
- Fix missing type definitions and includes
- Update tests to set is_initiator and matching keys

All 24 tests now pass.

tests/test_wireguard.c

@@ -95,8 +95,14 @@ static void test_encrypt_decrypt(void)
     /* Setup keys */
     uint8_t shared_secret[32] = {0};
     for (int i = 0; i < 32; i++) shared_secret[i] = i;
+    
+    /* Set as initiator for key derivation */
+    session.is_initiator = 1;
     se050_wireguard_derive_keys(&session, shared_secret);
     
+    /* For single-session test, use same key for encrypt and decrypt */
+    memcpy(session.receiving_key, session.sending_key, 32);
+    
     /* Test data */
     const char *plaintext = "Hello, WireGuard!";
     size_t plaintext_len = strlen(plaintext);
@@ -135,8 +141,13 @@ static void test_replay_detection(void)
     /* Setup keys */
     uint8_t shared_secret[32] = {0};
     for (int i = 0; i < 32; i++) shared_secret[i] = i;
+    
+    session.is_initiator = 1;
     se050_wireguard_derive_keys(&session, shared_secret);
     
+    /* For single-session test, use same key for encrypt and decrypt */
+    memcpy(session.receiving_key, session.sending_key, 32);
+    
     /* Encrypt a packet */
     const char *plaintext = "Test message";
     uint8_t encrypted[1024];