feat(storage): encryption-at-rest key rotation + on-disk verification tests

[Copilot]

pluresdb-storage had AES-256-GCM primitives but no safe block re-encryption path and no tests proving ciphertext opacity on disk. This adds the full rotation workflow, on-disk verification tests, and key management docs.

API — rotate_key_and_reencrypt_blocks

// Atomically: decrypt all blocks with old key → derive new key (fresh salt)
// → re-encrypt all blocks → commit new key only if every block succeeded.
let new_ciphertexts = enc.rotate_key_and_reencrypt_blocks("new-passphrase", &old_blocks)?;

// Persist updated salt — do this AFTER re-encryption succeeds
EncryptionMetadata::from_config(&enc).save(&db_path.join("encryption.json"))?;

The existing rotate_key() is unchanged (in-memory key swap only; use rotate_key_and_reencrypt_blocks when stored blocks must be migrated).

Changes

• encryption.rs — rotate_key_and_reencrypt_blocks(new_password, blocks): all-or-nothing block re-encryption; self is not mutated if any block fails to decrypt. Five new unit tests cover round-trip, wrong-key error, disabled-config error, and stale-ciphertext rejection.

• tests/encryption_at_rest_tests.rs (new) — 9 integration tests:

  • Raw on-disk bytes contain no plaintext substrings
  • Repeated encrypt() calls produce distinct ciphertexts (nonce uniqueness)
  • Wrong key returns an error (no silent corruption)
  • encryption.json exposes no key material, only the Argon2id salt
  • Full rotation round-trip: all blocks decrypt correctly after rotation
  • Old ciphertexts are undecryptable after rotation
  • Reloading metadata + re-deriving key works end-to-end
  • Rotation over an empty block slice is a valid metadata-only update
  • Large heterogeneous payload leaves no recognisable substrings in ciphertext

• docs/KEY_MANAGEMENT.md (new) — key derivation patterns, two-phase rotation workflow, recovery-from-key-loss decision table, Argon2id parameter configuration guidance.

• docs/API.md — updated EncryptionConfig methods table to include rotate_key_and_reencrypt_blocks; key rotation section now shows the recommended two-phase pattern and links to KEY_MANAGEMENT.md.

[Copilot]

Copilot wasn't able to review any files in this pull request.