fix(security): comprehensive fix for /relay/ping impersonation and nonce replay

[AdnanMehr8]

This PR addresses Issue #48 by implementing:

1. Identity Binding: Derives agent_id from pubkey_hex on the registration path to prevent agents from claiming a bcn_* ID they don't own.
2. Replay Protection: Enforces unique nonces within the sliding window for both registration and heartbeats on /relay/ping.
3. Authentication: Ensures existing agents provide a valid relay_token to update their heartbeat.

Verified with local tests.

[AdnanMehr8]

This PR addresses Issue #48 by implementing:

1. Identity Binding: Derives from on the registration path to prevent agents from claiming a ID they don't own.
2. Replay Protection: Enforces unique nonces within the sliding window for both registration and heartbeats on .
3. Authentication: Ensures existing agents provide a valid to update their heartbeat.

Verified with local tests.

[AdnanMehr8]

Synced with upstream main and forced push. The security fix is now applied on top of the latest codebase, including the new rate limiter and security guide.

Summary of changes in this PR:

1. Derive agent_id from pubkey: Ensures that an agent cannot register with a ID they don't own by spoofing the field.
2. Nonce Replay Protection: Extends the existing nonce window logic to the endpoint for both registration and heartbeats.
3. Heartbeat Authentication: Enforces validation for existing agents attempting to update their heartbeat on the ping path.

Verified against latest main.

[AdnanMehr8]

Superseded by PR #127 which is synced with latest upstream main.