* Add RustCrypto backend for MUSL/Docker compatibility

Implement a pure-Rust cryptographic backend using the RustCrypto ecosystem
to enable deployment in MUSL/Docker environments without OpenSSL dependencies.

This change adds a new 'backend-rustcrypto' feature flag that provides a
fully-functional alternative to the existing OpenSSL backend. The new backend
uses p256 for elliptic curve operations, aes-gcm for encryption, and other
RustCrypto crates for cryptographic primitives.

Key changes:
- Add RustCryptoCryptographer implementing the Cryptographer trait
- Add backend-rustcrypto feature with pure-Rust dependencies
- Implement full interoperability between OpenSSL and RustCrypto backends
- Add comprehensive test suite including cross-backend interop tests
- Update documentation with usage examples for both backends

All RFC 8291 test vectors pass with both backends. The implementation is
backward compatible with no breaking changes to the existing API.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* Make tests backend-agnostic and simplify interop tests

- Remove backend-openssl gates from aes128gcm_tests module
- Make all RFC test vectors run with both OpenSSL and RustCrypto
- Simplify interop tests to single minimal test
- Fix backend-specific error matching in truncated_auth_secret test

Test coverage:
- RustCrypto: 23 tests (up from 11)
- OpenSSL: 29 tests (unchanged)
- Both: 30 tests (includes interop)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* Fix clippy warnings and apply rustfmt

- Add module-level #![allow] attributes for deprecated and dead_code
- Remove AES_GCM_NONCE_LENGTH constant, use literal value
- Remove inline allow attributes (now at module level)
- Clean up comments for deprecated API usage

All clippy checks pass with -D warnings.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* Improve allow attributes with better documentation

Replace blanket #![allow(dead_code)] with targeted #[allow(dead_code)]
on specific types and impl blocks. Add clear comments explaining:

- deprecated: Due to generic-array < 1.0 in aes-gcm 0.10 (stable).
  Will be resolved when aes-gcm 0.11 is released.

- dead_code: Types appear unused when both backends are enabled
  because OpenSSL takes precedence, but they're required by the
  Cryptographer trait implementation and used in tests.

This makes the allow attributes more maintainable and documents
why they exist.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>