feat: Support X25519 key exchange and ChaCha20-Poly1305 cipher suite for DTLS 1.2 #71

@HMBSbige

X25519 Key Exchange

RFC 8422 §5.1.1 defines X25519 as a valid key exchange for TLS 1.2 and earlier.

With #70 restricting DTLS 1.2 to P-256/P-384, it would be nice to add X25519 support for DTLS 1.2 in a dedicated effort with proper test coverage.

The crypto implementation is already complete (EcdhKeyExchange in aws-lc-rs backend handles X25519 identically to P-256/P-384); only supported_dtls12_kx_groups() in src/crypto/validation/mod.rs filters it out:

.filter(|kx| matches!(kx.name(), NamedGroup::Secp256r1 | NamedGroup::Secp384r1))

Required changes: Add NamedGroup::X25519 to the filter + tests.

ChaCha20-Poly1305 Cipher Suite

RFC 7905 §2 defines TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCA9) for TLS 1.2.

Unlike X25519, this requires protocol-level additions — Dtls12CipherSuite only defines two AES-GCM variants, and no SupportedDtls12CipherSuite trait implementation exists for ChaCha20. The underlying ChaCha20Poly1305Cipher already works (used by DTLS 1.3).

Required changes:

  1. Add ECDHE_ECDSA_CHACHA20_POLY1305_SHA256 variant to Dtls12CipherSuite enum
  2. Implement SupportedDtls12CipherSuite trait (adapt key_lengths() for TLS 1.2 PRF key derivation)
  3. Add to ALL_CIPHER_SUITES in both crypto backends
  4. Tests
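
Added example, not part of the issue or the project's code: a sketch of what adapting the key lengths for ChaCha20-Poly1305 involves under TLS 1.2 rules, showing the key-block layout (RFC 5246 §6.3 order) and the RFC 7905 §2 nonce with the DTLS epoch and sequence number. The names `Suite`, `key_lengths`, `key_block_len`, `split_key_block` and `chacha_nonce` are hypothetical, and the key block in `main` is constructed sample data.

```rust
// Added illustration; these types are hypothetical, not the project's API.
#[derive(Clone, Copy)]
pub enum Suite { Aes128Gcm, Aes256Gcm, ChaCha20Poly1305 }

/// (enc_key_len, fixed_iv_len) in bytes; AEAD suites take no MAC key.
pub fn key_lengths(s: Suite) -> (usize, usize) {
    match s {
        Suite::Aes128Gcm => (16, 4),         // RFC 5288: 4-byte implicit salt
        Suite::Aes256Gcm => (32, 4),
        Suite::ChaCha20Poly1305 => (32, 12), // RFC 7905: full 12-byte write IV
    }
}

/// Bytes the TLS 1.2 PRF must expand to cover both directions.
pub fn key_block_len(s: Suite) -> usize {
    let (k, iv) = key_lengths(s);
    2 * (k + iv)
}

/// Split in RFC 5246 §6.3 order: client key, server key, client IV, server IV.
pub fn split_key_block(s: Suite, block: &[u8]) -> Option<[&[u8]; 4]> {
    if block.len() != key_block_len(s) { return None; }
    let (k, iv) = key_lengths(s);
    let (ck, rest) = block.split_at(k);
    let (sk, rest) = rest.split_at(k);
    let (civ, siv) = rest.split_at(iv);
    Some([ck, sk, civ, siv])
}

/// RFC 7905 §2 nonce: write IV XOR (four zero bytes || 64-bit sequence number).
/// In DTLS that 64-bit value is the 16-bit epoch followed by the 48-bit sequence number.
pub fn chacha_nonce(write_iv: &[u8; 12], epoch: u16, seq: u64) -> Option<[u8; 12]> {
    if seq >= 1u64 << 48 { return None; } // does not fit the DTLS record header
    let seq64 = ((epoch as u64) << 48) | seq;
    let mut nonce = *write_iv;
    for (i, b) in seq64.to_be_bytes().iter().enumerate() {
        nonce[4 + i] ^= *b;
    }
    Some(nonce)
}

fn main() {
    let block: Vec<u8> = (0u8..88).collect(); // constructed key block, not real PRF output
    let parts = split_key_block(Suite::ChaCha20Poly1305, &block).unwrap();
    let mut iv = [0u8; 12];
    iv.copy_from_slice(parts[2]); // client write IV
    println!("{:02x?}", chacha_nonce(&iv, 1, 2).unwrap());
}
```

Unlike the AES-GCM suites, no explicit nonce travels in the record, so a test that reuses the AES-GCM record framing for this suite would fail to decrypt.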
