Add keyKind (or isSymmetric) property to SignatureAlgorithm interface for structural symmetric-algorithm detection #537

@coderabbitai

Summary

Currently, XmlDSigVerifier.extractAndVerify guards against symmetric (HMAC) signature algorithms by comparing URIs against defaultSymmetricSignatureAlgorithms. This is a best-effort guard that can be bypassed if a caller supplies a custom HMAC implementation registered under a non-default URI (e.g. http://www.w3.org/2001/04/xmldsig-more#hmac-sha256), because the guard only knows about the project-default symmetric URIs.

Proposed solution

Add a keyKind: "asymmetric" | "symmetric" property (or an isSymmetric: boolean flag) to the SignatureAlgorithm interface in src/types.ts. All built-in algorithm classes (HmacSha1, RsaSha1, RsaSha256, etc.) would set the appropriate value. The guard in extractAndVerify (and any future symmetric-sensitive code path) can then use this structural check instead of maintaining a static URI list.

Benefits

  • Future-proof: any new HMAC or other symmetric algorithm added to the registry is automatically caught by the guard.
  • No need to maintain a hardcoded list of well-known HMAC URIs from W3C xmldsig / xmldsig-more specs.
  • Makes algorithm semantics explicit and inspectable at the interface level.

Context

Raised during review of PR #519 (Add XmlDSigVerifier wrapper for SignedXml): #519 (comment)

Requested by @shunkica — deferred from PR #519 as out of scope for that already large change.
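
The gap this issue describes, as an added TypeScript sketch that is not code from the project or from the issue author: it runs a static URI-list guard and a `keyKind` check over the same registry. The reduced `SignatureAlgorithm` shape, the registry entries, the assumed list contents, the helper names and the choice to reject algorithms that declare no `keyKind` are assumptions.

```typescript
type KeyKind = "asymmetric" | "symmetric";

// Reduced stand-in for the SignatureAlgorithm interface, carrying the proposed property.
// Optional here so that older custom implementations (which lack it) can be modelled.
interface SignatureAlgorithm {
  getAlgorithmName(): string;
  keyKind?: KeyKind;
}

const HMAC_SHA1 = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
const RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
const HMAC_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256";
const LEGACY = "urn:example:legacy-alg"; // constructed URI

// Assumed contents of the static list; the project's real list may differ.
const defaultSymmetricUris: string[] = [HMAC_SHA1];

const alg = (uri: string, keyKind: KeyKind): SignatureAlgorithm => ({
  getAlgorithmName: () => uri,
  keyKind,
});

// Constructed registry: two built-in-style entries, a caller-supplied HMAC under a
// non-default URI, and a custom algorithm that never declared keyKind.
const registry: Record<string, SignatureAlgorithm> = {
  [HMAC_SHA1]: alg(HMAC_SHA1, "symmetric"),
  [RSA_SHA256]: alg(RSA_SHA256, "asymmetric"),
  [HMAC_SHA256]: alg(HMAC_SHA256, "symmetric"),
  [LEGACY]: { getAlgorithmName: () => LEGACY },
};

function lookup(uri: string): SignatureAlgorithm | undefined {
  // Own-property check so names like "toString" never resolve to a prototype member.
  return Object.prototype.hasOwnProperty.call(registry, uri) ? registry[uri] : undefined;
}

// URI-list guard: rejects only what the static list names.
function allowedByUriList(uri: string): boolean {
  return lookup(uri) !== undefined && defaultSymmetricUris.indexOf(uri) === -1;
}

// Structural guard: decides from the algorithm object and fails closed when
// keyKind is undeclared (an assumption; the issue does not specify this case).
function allowedByKeyKind(uri: string): boolean {
  const a = lookup(uri);
  return a !== undefined && a.keyKind === "asymmetric";
}
```

The two guards agree on `HMAC_SHA1` and `RSA_SHA256` and differ on `HMAC_SHA256` and `LEGACY`, which only the structural guard rejects.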
