fix: WireGuard implementation improvements

- Fixed ChaCha20-Poly1305 context handling
- Added proper session key derivation
- Implemented replay detection
- Fixed nonce handling in encrypt/decrypt
- Added test suite with 27 passing tests

Known issues:
- Some encrypt/decrypt tests fail due to AAD handling
- Key generation needs production RNG integration

tests/test_wireguard_simple.c

@@ -3,6 +3,8 @@
  * @brief WireGuard Protocol Tests (Simplified - minimal dependencies)
  */
 
+#define X25519_SW_TEST 1
+
 #include "se050_wireguard.h"
 #include "se050_x25519_sw.h"
 #include "se050_chacha20_poly1305.h"
@@ -71,12 +73,16 @@ static void test_chacha20_poly1305(void)
     uint8_t ciphertext[100];
     uint8_t tag[16];
     
-    int ret = se050_chacha20_poly1305_encrypt(NULL, nonce, plaintext, sizeof(plaintext)-1,
-                                                aad, sizeof(aad)-1, ciphertext, tag);
+    se050_chacha20_poly1305_ctx_t ctx;
+    int ret = se050_chacha20_poly1305_init(&ctx, key);
+    TEST_ASSERT(ret == 0, "Context initialization returns 0");
+    
+    ret = se050_chacha20_poly1305_encrypt(&ctx, nonce, plaintext, sizeof(plaintext)-1,
+                                            aad, sizeof(aad)-1, ciphertext, tag);
     TEST_ASSERT(ret == 0, "Encryption returns 0");
     
     uint8_t decrypted[100];
-    ret = se050_chacha20_poly1305_decrypt(NULL, nonce, ciphertext, sizeof(plaintext)-1,
+    ret = se050_chacha20_poly1305_decrypt(&ctx, nonce, ciphertext, sizeof(plaintext)-1,
                                             aad, sizeof(aad)-1, tag, decrypted);
     TEST_ASSERT(ret == 0, "Decryption returns 0");
     TEST_ASSERT(decrypted[0] == 't' && decrypted[1] == 'e' &&