feat(sdk-api): add HKDF session caching layer for multi-call operations

Introduces createEncryptionSession() that runs Argon2id once and derives
per-call AES-256-GCM keys via HKDF (<1ms each), eliminating repeated
expensive KDF calls in multi-encrypt/decrypt flows.

- createEncryptionSession() in encrypt.ts: Argon2id -> HKDF CryptoKey
- EncryptionSession interface: encrypt(), decrypt(), destroy()
- V2Envelope extended with optional hkdfSalt for session-produced envelopes
- decryptV2 handles both standalone and session envelopes
- decryptAsync fix: v2 errors no longer fall through silently to v1
- 12 new tests covering round-trip, interop, destroy guard, cross-session rejection

WCN-31

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: pranavjain97