Phase 2 red: crypto primitive tests and stub modules

Tests for the entire crypto/ public surface, written against the API
shape declared in the README. The accompanying src/crypto/ modules are
stubs that throw 'not implemented' so the test files compile and tests
fail with clear errors rather than module-not-found.

Tests cover:
  * init() resolves and is idempotent
  * fromBase64 / toBase64 / toBase64URL round-trips, including URL-safe
    input with stripped padding (the form Ente uses for auth tokens)
  * deriveKEK matches sodium.crypto_pwhash with Argon2id parameters
  * deriveLoginSubkey matches sodium.crypto_kdf_derive_from_key with
    subkey id 1 and ctx 'loginctx', truncated to 16 bytes
  * decryptBox round-trips, rejects tampering, wrong key, wrong nonce
  * decryptSealed round-trips, rejects wrong keypair and tampering
  * Secretstream pull decrypts multi-chunk streams in order, exposes
    per-chunk tags, rejects tampering, wrong key, and out-of-order chunks
  * Constants STREAM_CHUNK_SIZE (4 MiB) and STREAM_CHUNK_OVERHEAD (17)

Tests are commented to serve as the canonical API documentation per the
README development workflow policy. Verified: 29 tests fail (red), 3
trivial constant tests pass; lint and fmt-check are green.

eslint.config.mjs is updated to honour the leading-underscore convention
for intentionally unused parameters (the stubs).

src/crypto/box.ts

@@ -0,0 +1,17 @@
+// Stub: see the README "Development workflow" section for TDD policy.
+
+export const decryptBox = (
+    _ciphertext: Uint8Array,
+    _nonce: Uint8Array,
+    _key: Uint8Array,
+): Uint8Array => {
+    throw new Error("crypto.decryptBox not implemented");
+};
+
+export const decryptSealed = (
+    _ciphertext: Uint8Array,
+    _publicKey: Uint8Array,
+    _secretKey: Uint8Array,
+): Uint8Array => {
+    throw new Error("crypto.decryptSealed not implemented");
+};

src/crypto/encoding.ts

@@ -0,0 +1,13 @@
+// Stub: see the README "Development workflow" section for TDD policy.
+
+export const fromBase64 = (_s: string): Uint8Array => {
+    throw new Error("crypto.fromBase64 not implemented");
+};
+
+export const toBase64 = (_b: Uint8Array): string => {
+    throw new Error("crypto.toBase64 not implemented");
+};
+
+export const toBase64URL = (_b: Uint8Array): string => {
+    throw new Error("crypto.toBase64URL not implemented");
+};

src/crypto/index.ts

@@ -0,0 +1,11 @@
+export { init } from "./sodium.js";
+export { fromBase64, toBase64, toBase64URL } from "./encoding.js";
+export { deriveKEK, deriveLoginSubkey } from "./kdf.js";
+export { decryptBox, decryptSealed } from "./box.js";
+export {
+    initStreamPull,
+    pullStreamChunk,
+    STREAM_CHUNK_OVERHEAD,
+    STREAM_CHUNK_SIZE,
+    type StreamPullState,
+} from "./stream.js";

src/crypto/kdf.ts

@@ -0,0 +1,14 @@
+// Stub: see the README "Development workflow" section for TDD policy.
+
+export const deriveKEK = async (
+    _password: string,
+    _salt: Uint8Array,
+    _opsLimit: number,
+    _memLimit: number,
+): Promise<Uint8Array> => {
+    throw new Error("crypto.deriveKEK not implemented");
+};
+
+export const deriveLoginSubkey = (_kek: Uint8Array): Uint8Array => {
+    throw new Error("crypto.deriveLoginSubkey not implemented");
+};

src/crypto/sodium.ts

@@ -0,0 +1,6 @@
+// Stub: see the README "Development workflow" section for TDD policy.
+// This module's real implementation lands in a follow-up commit.
+
+export const init = async (): Promise<void> => {
+    throw new Error("crypto.init not implemented");
+};

src/crypto/stream.ts

@@ -0,0 +1,22 @@
+// Stub: see the README "Development workflow" section for TDD policy.
+
+export const STREAM_CHUNK_SIZE = 4 * 1024 * 1024;
+export const STREAM_CHUNK_OVERHEAD = 17;
+
+export interface StreamPullState {
+    readonly _opaque: unique symbol;
+}
+
+export const initStreamPull = (
+    _header: Uint8Array,
+    _key: Uint8Array,
+): StreamPullState => {
+    throw new Error("crypto.initStreamPull not implemented");
+};
+
+export const pullStreamChunk = (
+    _state: StreamPullState,
+    _ciphertext: Uint8Array,
+): { plaintext: Uint8Array; tag: number } => {
+    throw new Error("crypto.pullStreamChunk not implemented");
+};