🌊 Wave-20: handshake fingerprint + concurrent Add/Remove

[gHashTag]

Closes #723

🌊 Trinity Chat — Wave-20

Two new threat-model lanes shipped per the W19 ROADMAP forward plan:

• Lane A — L-CHAT-1-handshake (CR-CHAT-01) — handshake_fingerprint.rs
  (343 lines). HandshakeFingerprint::compute(initiator_lt, responder_lt, initiator_pre, responder_pre, kem_ciphertext, suite_and_version) -> Result<Self, HandshakeError>,
  HSF_LEN = 32, HSF_DOMAIN = b"trios-chat-handshake-fingerprint-v1\0",
  constant-time eq_ct via subtle::ConstantTimeEq, length-prefixed
  absorb_tagged per-field domain separator. 10 tests HSF-01..10
  (responder-swap, role-flip, suite-downgrade, truncation, length-shift,
  empty-field rejection, determinism, CT single-bit flip, length const, green).

• Lane B — L-CHAT-3-add (CR-CHAT-03) — concurrent_add_remove.rs
  (419 lines). apply_concurrent(base_members, proposals) with
  deterministic priorities PRI_UPDATE = 0 < PRI_REMOVE = 1 < PRI_ADD = 2,
  ties broken by (priority, hash_id, sort_key). Errors
  RemoveNonMember | AddExisting | UpdateNonMember | DuplicateSortKey.
  10 tests CAR-01..10 (add-after-remove ghost, remove-after-add
  resurrection, dup-add, dup-remove, self-remove+update, empty-set,
  order-independence, tie-break, dup sort-key, green).

Coq Wave-20

Section TrinityChatWave20 adds INV-CHAT-110..116 plus 2 helper
lemmas (all_nonzero_valid_20, update_before_add_20). All proofs
constructive over PropClass20::{PUpdate20, PRemove20, PAdd20},
records TranscriptLens20 and Delta20, with variable
hsf_of_20 : nat -> nat -> nat -> nat -> nat -> nat -> nat.

10 new Qed. → 158 Qed. total, 0 Admitted., 0 new axioms
(cumulative 5 axioms unchanged: ss_kp_injective, dh_step_fresh,
dh_post_history_independent, hybrid_kem_non_degenerate, sn_hash_sym).

Falsifier 1800 → 1900

+50 handshake_fingerprint (PI-HSF-001..050) + +50 concurrent_add_remove
(PI-CAR-001..050). 38 attack categories all at 100 %, G-C10 thresholds
met for every category (≥95 % non-direct, ≥90 % direct). DENY_PATTERNS
in CR-CHAT-06/src/injection.rs extended with ~360 W20 keywords.

Anchor extended

φ² + φ⁻² = 3 · TRINITY · CHAT · … · KEM-DECAP-ORACLE · TAG-STRIPPING
 · HANDSHAKE-FINGERPRINT · CONCURRENT-ADD-REMOVE

Verified [VERIFIED]

Gate	Result
cargo test (12 chat crates + harness)	310 / 0 ✓
cargo run -q -p trios-chat --bin e2e_chat_25	25 / 25 pass ✓
cargo run -q -p trios-chat --bin falsifier_runner	1900 / 1900, 38 cats @ 100 % ✓
cargo clippy --all-targets -- -D warnings	clean ✓
coqc crates/trios-chat/proofs/chat/Trinity_Chat.v	silent, exit 0 ✓
grep -cE "Qed\." Trinity_Chat.v	158 ✓
grep -cE "^\s*Admitted\." Trinity_Chat.v	0 ✓
New axioms vs W19	0 ✓

Compliance

• L-ARCH-001 preserved — all new code under crates/trios-chat/rings/CR-CHAT-NN/.
• L1 — 0 .sh files anywhere in crates/trios-chat/.
• L2 — PR body opens with bare Closes #723.
• R3 — 0 unsafe, clippy -D warnings clean, coqc silent.
• R5 — all claims tagged; counts above are [VERIFIED].
• SeaORM only — no other ORM introduced; no monoliths.

ROADMAP.md updated: status → 310 tests · 25/25 e2e · 1900/1900 falsifier · 38 categories · 158 Coq Qed / 0 Admitted. W20 row promoted (bold),
W19 demoted. Wave-20 detail section added before Wave-19.
ASPIRATIONAL window slides to W21..W25.

Branched from d601a58 (post-W19 main HEAD); commit on this branch tip
is 8116c0b.