feat(consensus): add session registration protocol with combined login+register

[krishvishal]

Summary

• Add Operation::Register as a VSR-level operation that goes through consensus to create durable client sessions, giving each client a deterministic session number (= commit op number) agreed upon by all replicas.
• Add session field to RequestHeader with wire-layer validation: register requires session=0, request=0; all other operations require session>0, request>0.
• Split ClientTable into session-aware paths: check_register() / commit_register() for registration, and check_request() / commit_reply() with session + strict request monotonicity validation (NoSession, SessionMismatch, `RequestGap).
• Add ConsensusSession (SDK) for client-side session lifecycle and SessionManager (server-ng) for transport-to-consensus bridging.
• Add combined login_register handler: phase 1 verifies credentials locally, phase 2 submits register through consensus.
• Add RequestFrame2/ResponseFrame2 with request_id for request-response correlation and pipelining support.

[codecov]

Codecov Report

❌ Patch coverage is 90.37356% with 134 lines in your changes missing coverage. Please review.
✅ Project coverage is 73.16%. Comparing base (f5350d9) to head (7964fdc).

Files with missing lines	Patch %	Lines
core/metadata/src/impls/metadata.rs	43.85%	32 Missing ⚠️
core/server-ng/src/login_register.rs	83.07%	16 Missing and 6 partials ⚠️
core/consensus/src/client_table.rs	91.26%	12 Missing and 8 partials ⚠️
core/server-ng/src/session_manager.rs	90.14%	16 Missing and 4 partials ⚠️
core/partitions/src/iggy_partitions.rs	51.72%	12 Missing and 2 partials ⚠️
core/binary_protocol/src/framing.rs	95.77%	0 Missing and 9 partials ⚠️
core/consensus/src/plane_helpers.rs	69.23%	8 Missing ⚠️
core/sdk/src/session.rs	97.19%	3 Missing ⚠️
core/simulator/src/lib.rs	95.45%	1 Missing and 1 partial ⚠️
...nary_protocol/src/requests/users/login_register.rs	99.25%	0 Missing and 1 partial ⚠️
... and 3 more

Additional details and impacted files

@@             Coverage Diff              @@
##             master    #3108      +/-   ##
============================================
+ Coverage     72.76%   73.16%   +0.40%     
  Complexity      943      943              
============================================
  Files          1117     1122       +5     
  Lines         96368    97623    +1255     
  Branches      73544    74815    +1271     
============================================
+ Hits          70119    71425    +1306     
+ Misses        23702    23591     -111     
- Partials       2547     2607      +60     

Components	Coverage Δ
Rust Core	74.05% <90.37%> (+0.55%)	⬆️
Java SDK	62.30% <ø> (ø)
C# SDK	69.11% <ø> (-0.31%)	⬇️
Python SDK	81.43% <ø> (ø)
Node SDK	91.40% <ø> (-0.13%)	⬇️
Go SDK	39.41% <ø> (ø)

Files with missing lines	Coverage Δ
core/binary_protocol/src/codes.rs	100.00% <ø> (ø)
core/binary_protocol/src/consensus/header.rs	80.56% <100.00%> (+4.60%)	⬆️
core/binary_protocol/src/consensus/operation.rs	95.06% <100.00%> (+0.85%)	⬆️
core/binary_protocol/src/dispatch.rs	90.99% <100.00%> (+0.08%)	⬆️
...nary_protocol/src/requests/users/login_register.rs	99.25% <99.25%> (ø)
...ary_protocol/src/responses/users/login_register.rs	97.72% <97.72%> (ø)
core/consensus/src/observability.rs	39.21% <0.00%> (-0.13%)	⬇️
core/simulator/src/client.rs	56.17% <97.14%> (+10.01%)	⬆️
core/simulator/src/lib.rs	85.61% <95.45%> (+1.74%)	⬆️
core/sdk/src/session.rs	97.19% <97.19%> (ø)
... and 7 more

... and 25 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[numinnex]

I've looked through this PR and I wonder how does it differ from the login and login with personal access token ?

[krishvishal]

@numinnex I've only implemented login functionality with register but didn't implement login with personal access token. But its easily implementable because register doesn't care about how we logged in.

[atharvalade]

on AlreadyRegistered, the code returns None without sending the existing-session reply it says it will synthesize. This can black-hole duplicate Register retries (lost reply/timeout path), leaving clients stuck waiting instead of getting a deterministic session response.

[krishvishal]

This is done on purpose since SDK is not wired up completely.

[atharvalade]

register_preflight(...).is_some() gates progress, and None returns early with no response to the client. Together with register_preflight behavior, duplicate register requests will be dropped silently

[krishvishal]

Same as above.