
fix(matrix): implement device verification and stable device_id for E2EE #3524

Open
devorun wants to merge 2 commits into NousResearch:main from devorun:patch-13

devorun (Contributor) commented Mar 28, 2026

What does this PR do?

Fixes #3521

Problem

The Matrix gateway was unable to handle encrypted (E2EE) messages effectively for two reasons:

  1. Dynamic Device Identity: Without a stable device_id, the bot generated a new identity on every restart, causing users' clients to treat it as an "untrusted/unknown device."
  2. Missing Verification: There was no mechanism to handle Matrix device verification (SAS), meaning the bot could never establish trust to receive session keys.

Solution

  • Stable Device ID: Added support for the MATRIX_DEVICE_ID environment variable. This ensures the bot maintains a consistent identity across restarts, allowing for persistent trust.
  • Auto-Verification: Implemented an automated SAS verification handler (_on_key_verification). The bot will now automatically accept and confirm verification requests from users listed in MATRIX_ALLOWED_USERS.
  • Configuration Support: Updated gateway/config.py to officially recognize and map MATRIX_DEVICE_ID and MATRIX_ALLOWED_USERS from environment variables to the Matrix platform configuration.
  • Enhanced Security: Verification is restricted only to authorized users to prevent unauthorized session key access.

Testing

  • Verified that nio.AsyncClient correctly receives the device_id.
  • Confirmed that the verification callback triggers correctly upon receiving a KeyVerificationStart event.

Related Issue

Fixes #

Type of Change

  • 🐛 Bug fix (non-breaking change that fixes an issue)
  • ✨ New feature (non-breaking change that adds functionality)
  • 🔒 Security fix
  • 📝 Documentation update
  • ✅ Tests (adding or improving test coverage)
  • ♻️ Refactor (no behavior change)
  • 🎯 New skill (bundled or hub)

Changes Made

How to Test

Checklist

Code

  • I've read the Contributing Guide
  • My commit messages follow Conventional Commits (fix(scope):, feat(scope):, etc.)
  • I searched for existing PRs to make sure this isn't a duplicate
  • My PR contains only changes related to this fix/feature (no unrelated commits)
  • I've run pytest tests/ -q and all tests pass
  • I've added tests for my changes (required for bug fixes, strongly encouraged for features)
  • I've tested on my platform:

Documentation & Housekeeping

  • I've updated relevant documentation (README, docs/, docstrings) — or N/A
  • I've updated cli-config.yaml.example if I added/changed config keys — or N/A
  • I've updated CONTRIBUTING.md or AGENTS.md if I changed architecture or workflows — or N/A
  • I've considered cross-platform impact (Windows, macOS) per the compatibility guide — or N/A
  • I've updated tool descriptions/schemas if I changed tool behavior — or N/A

For New Skills

  • This skill is broadly useful to most users (if bundled) — see Contributing Guide
  • SKILL.md follows the standard format (frontmatter, trigger conditions, steps, pitfalls)
  • No external dependencies that aren't already available (prefer stdlib, curl, existing Hermes tools)
  • I've tested the skill end-to-end: hermes --toolsets skills -q "Use the X skill to do Y"

Screenshots / Logs
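
An added example, not code from this PR or the project: one way to gate automatic SAS acceptance so that it fails closed when the allowlist or device ID is missing. The comma-separated format for MATRIX_ALLOWED_USERS, the function names and the sample values are assumptions of this example.

```python
import re

# Simplified Matrix user ID shape, @localpart:server (an assumption of this example).
_MXID = re.compile(r"@[^\s:@]+:[^\s@]+")

def parse_allowed_users(raw):
    """Parse a comma-separated MATRIX_ALLOWED_USERS value into a set of user IDs.

    Entries that are blank or not shaped like @user:server are dropped, so a
    stray '*' or empty item can never widen the allowlist.
    """
    allowed = set()
    for item in (raw or "").split(","):
        item = item.strip()
        if _MXID.fullmatch(item):
            allowed.add(item)
    return allowed

def verification_decision(sender, env):
    """Return (accept, reason) for an incoming verification request.

    Fails closed: a missing device ID or an empty allowlist means reject.
    """
    if not (env.get("MATRIX_DEVICE_ID") or "").strip():
        return False, "no stable device_id; trust would not survive a restart"
    allowed = parse_allowed_users(env.get("MATRIX_ALLOWED_USERS"))
    if not allowed:
        return False, "allowlist empty or unset"
    if not isinstance(sender, str) or not _MXID.fullmatch(sender):
        return False, "malformed sender"
    if sender not in allowed:  # exact match only, no prefix or suffix matching
        return False, "sender not in allowlist"
    return True, "sender allowlisted"

# Constructed sample configuration and senders (not taken from the PR).
SAMPLE_ENV = {
    "MATRIX_DEVICE_ID": "EXAMPLEDEVICE",
    "MATRIX_ALLOWED_USERS": "@alice:example.org, @bob:example.org, *, ",
}

if __name__ == "__main__":
    for s in ("@alice:example.org", "@alice:example.org.evil.test", "@mallory:example.org"):
        print(s, verification_decision(s, SAMPLE_ENV))
```

Because the bot confirms the short authentication string without a human comparing it, this sender check is the only control deciding which accounts end up with a verified relationship to the bot's device.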

Development

Successfully merging this pull request may close these issues.

[Bug]: Matrix E2EE: Bot Cannot Decrypt Messages and Device Verification is Non-Functional
