Commission third-party security audit of cryptographic operations

[toadkicker]

Goal

Before the v1.0.0 stable release, commission an independent security audit of PAP's cryptographic operations, trust model, and protocol invariants.

Scope

Priority areas for audit:

1. Ed25519 keypair management — principal, session, and delegation key material
2. SD-JWT selective disclosure — IETF draft-08 compliance, disclosure linkage prevention
3. Mandate chain verification — recursive scope/TTL bounds cannot be exceeded
4. Session DID unlinkability — ephemeral DIDs cannot be correlated to principal
5. Receipt co-signature — property-reference-only constraint is enforced
6. Federation TOFU TLS pinning — pin lifecycle, rotation, and revocation
7. FFI boundary safety — `pap-c` null pointer handling, thread safety
8. Progressive decay enforcement — state transitions cannot be reversed

Acceptance Criteria

• Auditor selected and engaged
• Audit scope agreed and documented in this issue
• Audit report received and findings tracked as sub-issues
• All Critical and High findings resolved before v1.0.0 tag
• Audit report published (or executive summary if NDA required)