@michalsn (Member) commented Jan 4, 2026

Description
This PR fixes critical state management issues in both OpenSSLHandler and SodiumHandler. The handlers were modifying their internal $key property when keys were passed via the $params argument to encrypt() and decrypt() methods. This was actually a bug, as the user guide clearly states that the key passed via $params:

will be used as the starting key for this operation https://codeigniter.com/user_guide/libraries/encryption.html#CodeIgniter\Encryption\CodeIgniter\Encryption\EncrypterInterface::decrypt

And not that it will permanently modify the handler's state (this is aligned with how CI3 worked).

Additionally, SodiumHandler::encrypt() was calling sodium_memzero($this->key), which destroyed the encryption key after the first use and prevented handler reuse. While this memory-clearing behavior was documented, it created an inconsistency where SodiumHandler could not be reused after encryption, but OpenSSLHandler could, making it impossible to use both handlers reliably in the same way.

This is a BC break because some code may have relied on the buggy behavior where $params modified the stored key. However, this affects only a small subset of users who passed a key via $params once and expected it to persist for subsequent operations. Most users who either always pass the key via $params for each operation or always configure keys via Config\Encryption are not affected.

The proper way to configure encryption keys has always been through Config\Encryption, and this change enforces that pattern while fixing the underlying state management bugs.

Checklist:

  • Securely signed commits
  • Component(s) with PHPDoc blocks, only if necessary or adds value (without duplication)
  • Unit testing, with >80% coverage
  • User guide updated
  • Conforms to style guide
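
The $params key persistence described in the PR description above, reduced to a sketch. This is an added example, not code from the pull request or from CodeIgniter: the class names StickyBox and ScopedBox, the helper functions seal() and opens(), and the ['key' => ...] shape of $params are assumptions made for illustration, and it covers only the key-overwrite bug, not the sodium_memzero() behaviour.

```php
<?php
// Added illustration, hypothetical classes (not CodeIgniter's); needs ext-sodium.

function seal(string $data, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return $nonce . sodium_crypto_secretbox($data, $nonce, $key);
}

// True when $blob authenticates and decrypts under $key.
function opens(string $blob, string $key): bool
{
    $n = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
    return strlen($blob) > $n
        && sodium_crypto_secretbox_open(substr($blob, $n), substr($blob, 0, $n), $key) !== false;
}

final class StickyBox // "before": a per-call key replaces the stored key
{
    private $key;
    public function __construct(string $key) { $this->key = $key; }
    public function encrypt(string $data, array $params = []): string
    {
        if (isset($params['key'])) {
            $this->key = $params['key']; // bug: handler state is overwritten
        }
        return seal($data, $this->key);
    }
}

final class ScopedBox // "after": a per-call key lives only for that call
{
    private $key;
    public function __construct(string $key) { $this->key = $key; }
    public function encrypt(string $data, array $params = []): string
    {
        return seal($data, $params['key'] ?? $this->key); // state untouched
    }
}

$configured = sodium_crypto_secretbox_keygen(); // constructed sample keys
$oneOff     = sodium_crypto_secretbox_keygen();
foreach ([new StickyBox($configured), new ScopedBox($configured)] as $box) {
    $box->encrypt('first', ['key' => $oneOff]); // one-off key for this call only
    $blob = $box->encrypt('second');            // caller expects the configured key
    printf("%s: configured key opens second message? %s; one-off key? %s\n", get_class($box),
        var_export(opens($blob, $configured), true), var_export(opens($blob, $oneOff), true));
}
```

With StickyBox the second message ends up sealed under the one-off key without the caller asking for it, which is the silent key substitution the BC note is about; ScopedBox keeps using the configured key.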

@michalsn added the bug, breaking change, and 4.7 labels Jan 4, 2026
@michalsn requested a review from paulbalandan January 4, 2026 14:55

@datamweb (Contributor) left a comment

LGTM!

@michalsn merged commit a46eeee into codeigniter4:4.7 Jan 4, 2026
50 checks passed

@michalsn (Member, Author) commented Jan 4, 2026

Thank you @paulbalandan and @datamweb

@michalsn deleted the fix/encryption-inconsistency branch January 4, 2026 18:17