Add external secret helper, JWS flattening, X25519 JWE support, and security fixes #37

Merged
pelle merged 1 commit into main from claude/update-changelog-BeNug
Feb 23, 2026

pelle commented Feb 23, 2026

Summary

This PR introduces significant improvements to key management, cryptographic interoperability, and security across the TAP agent ecosystem. The changes enable external secret provisioning via git-like helpers, improve Veramo compatibility through JWS format standardization, add X25519 support for JWE operations, and address multiple security vulnerabilities.

Key Changes

External Secret Helper for Key Management

  • Implemented git-like secret helper pattern for retrieving private keys from external stores (HashiCorp Vault, AWS KMS, 1Password)
  • Added get_private_key(did) method to AgentKeyManager and KeyManager trait
  • Created secret_helper module with SecretHelperConfig and discover_agent_dids functionality
  • Added TapAgent::from_secret_helper() factory method for external key provisioning
  • Integrated --secret-helper / TAP_SECRET_HELPER flag across tap-cli, tap-http, and tap-mcp

Flattened JWS Serialization for Veramo Compatibility

  • Switched default JWS serialization from General to Flattened format for single signatures (RFC 7515 compliant)
  • Implemented flexible deserialization accepting both General and Flattened JWS formats
  • Added base64_decode_flexible() helper supporting all Base64 variants (standard, URL-safe, padded/unpadded)
  • Implemented did:key resolution in resolve_verification_key for cross-agent signature verification

X25519 JWE Anoncrypt Support

  • Added X25519 ECDH key agreement via x25519-dalek for Veramo JWE interoperability
  • Implemented support for X25519 ephemeral public keys in unwrap_jwe alongside existing P-256
  • Made apv/apu fields optional in JweProtected (Veramo omits them)
  • Added DID prefix matching for X25519 key agreement key IDs in JWE recipients

Security Fixes

  • Critical: Fixed SQL injection in MCP database tools via table name interpolation
  • High: Added PRAGMA query_only=ON to prevent SQL read-only filter bypass
  • High: Sanitized internal error details leaked to HTTP clients
  • High: Added request body size limit to tap-http
  • High: Added rate limiting to unbounded agent creation endpoint
  • High: Added validation for NaN/Infinity in financial amount fields (Transfer, Payment, Settle)
  • Medium: Fixed fail-open authorization validator
  • Medium: Prevented DID path traversal
  • Medium: Fixed LIKE pattern injection in database queries
  • Low: Replaced hand-rolled URL encoding with urlencoding crate
  • Updated happy-dom to v20 to fix critical VM escape vulnerability (tap-ts)

Bug Fixes

  • External decision process tool responses now correctly returned to caller
  • Replaced panicking unwrap on database deserialization with proper error handling
  • Replaced panic on missing home directory with graceful error handling
  • Replaced hand-rolled URL encoding with urlencoding crate

Encoding Changes

  • JWS encoding switched from standard Base64 to Base64URL (no padding) per RFC 7515

https://claude.ai/code/session_01U5pusfFsLrcwHqZjFhfb8L

Add [Unreleased] section to root CHANGELOG.md and tap-ts/CHANGELOG.md
covering PRs #34-#36: security audit fixes (14 findings including
critical SQL injection), Flattened JWS and X25519 JWE for Veramo
interoperability, and external secret helper for key management.

https://claude.ai/code/session_01U5pusfFsLrcwHqZjFhfb8L

pelle merged commit 0b95724 into main Feb 23, 2026
3 checks passed
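
The "Flattened JWS Serialization" and "Encoding Changes" items above describe accepting standard and URL-safe Base64, padded or unpadded, when reading JWS fields. The following is an added example of such a decoder using only the Rust standard library; it is not the project's `base64_decode_flexible()`. The names `decode_flexible_b64` and `B64Error`, and the choice to reject input that mixes both alphabets, are assumptions of this sketch.

```rust
// Added example: hypothetical helper, not the project's base64_decode_flexible().
#[derive(Debug, PartialEq)]
pub enum B64Error { InvalidChar(char), MixedAlphabet, BadPadding, BadLength }

/// Decode standard or URL-safe Base64, with or without '=' padding.
pub fn decode_flexible_b64(input: &str) -> Result<Vec<u8>, B64Error> {
    // Padding is optional, but if present it must complete a 4-character group.
    let body = input.trim_end_matches('=');
    let pad = input.len() - body.len();
    if pad > 2 || (pad > 0 && input.len() % 4 != 0) {
        return Err(B64Error::BadPadding);
    }
    // A single leftover character carries only 6 bits: never a whole byte.
    if body.len() % 4 == 1 {
        return Err(B64Error::BadLength);
    }
    let (mut std_seen, mut url_seen) = (false, false);
    let mut out = Vec::with_capacity(body.len() * 3 / 4);
    let (mut acc, mut bits) = (0u32, 0u32);
    for c in body.chars() {
        let v = match c {
            'A'..='Z' => c as u32 - 'A' as u32,
            'a'..='z' => c as u32 - 'a' as u32 + 26,
            '0'..='9' => c as u32 - '0' as u32 + 52,
            '+' => { std_seen = true; 62 }
            '-' => { url_seen = true; 62 }
            '/' => { std_seen = true; 63 }
            '_' => { url_seen = true; 63 }
            other => return Err(B64Error::InvalidChar(other)),
        };
        acc = (acc << 6) | v;
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1 << bits) - 1;
        }
    }
    // Assumption of this sketch: one value uses one alphabet, never both.
    if std_seen && url_seen {
        return Err(B64Error::MixedAlphabet);
    }
    Ok(out)
}

fn main() {
    // Constructed sample: the same two bytes in URL-safe unpadded and standard padded form.
    println!("{:?} {:?}", decode_flexible_b64("-_8"), decode_flexible_b64("+/8="));
}
```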