v0.0.3: fix X3DH OTPK mismatch — web bundles without OTPKs

Root cause: web client's bundle included OTPKs, so X3DH initiate()
did 4 DH ops (DH4 with OTPK). But decrypt_wire_message() called
respond() with None for OTPK, doing only 3 DH ops.
Different DH concat → different shared secret → decrypt fails.

Fix: web client bundles have one_time_pre_key: None.
initiate() skips DH4 when no OTPK present.
respond() also skips DH4 with None.
Both sides now do exactly 3 DH ops → shared secrets match.

OTPKs are an anti-replay optimization, not required for E2E.
Will add OTPK support to web client in Phase 2 with proper
server-side OTPK storage and consumption tracking.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Siavash Sameni
2026-03-27 09:24:31 +04:00
parent de3b74bb9d
commit 1aba435af3
4 changed files with 13 additions and 19 deletions
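
The mismatch the commit message describes, as an added example that is not the project's code: `initiate()` and `respond()` borrow their names from the message, but their signatures, the toy modular-exponentiation group, the FNV-1a stand-in for the KDF and the key values are all assumptions made for illustration.

```rust
// Toy Diffie-Hellman for illustration only: exponentiation modulo a Mersenne prime.
// Real X3DH uses X25519 or X448 with HKDF; nothing here is secure.
const P: u128 = (1 << 61) - 1;
const G: u128 = 3;

fn modpow(mut base: u128, mut exp: u128) -> u128 {
    let mut acc = 1u128;
    base %= P;
    while exp > 0 {
        if exp & 1 == 1 { acc = acc * base % P; }
        base = base * base % P;
        exp >>= 1;
    }
    acc
}
fn public(sk: u128) -> u128 { modpow(G, sk) }
fn dh(sk: u128, pk: u128) -> u128 { modpow(pk, sk) }

// Stand-in KDF: FNV-1a over the concatenated DH outputs (assumption, not HKDF).
fn kdf(parts: &[u128]) -> u64 {
    let mut h: u64 = 0xcbf29ce484222325;
    for part in parts {
        for byte in part.to_be_bytes().iter() {
            h = (h ^ *byte as u64).wrapping_mul(0x100000001b3);
        }
    }
    h
}

// Initiator: DH1..DH3 always, DH4 only when the bundle carries an OTPK.
fn initiate(ik_a: u128, ek_a: u128, ik_b_pub: u128, spk_b_pub: u128, otpk_b_pub: Option<u128>) -> u64 {
    let mut dhs = vec![dh(ik_a, spk_b_pub), dh(ek_a, ik_b_pub), dh(ek_a, spk_b_pub)];
    if let Some(pk) = otpk_b_pub { dhs.push(dh(ek_a, pk)); }
    kdf(&dhs)
}

// Responder: must be told whether an OTPK was used, or the inputs to the KDF differ.
fn respond(ik_b: u128, spk_b: u128, otpk_b: Option<u128>, ik_a_pub: u128, ek_a_pub: u128) -> u64 {
    let mut dhs = vec![dh(spk_b, ik_a_pub), dh(ik_b, ek_a_pub), dh(spk_b, ek_a_pub)];
    if let Some(sk) = otpk_b { dhs.push(dh(sk, ek_a_pub)); }
    kdf(&dhs)
}

fn main() {
    // Constructed private keys: Alice identity/ephemeral, Bob identity/signed prekey/OTPK.
    let (ik_a, ek_a, ik_b, spk_b, otpk_b) = (0x1111u128, 0x2222, 0x3333, 0x4444, 0x5555);
    let bob = respond(ik_b, spk_b, None, public(ik_a), public(ek_a));
    let with_otpk = initiate(ik_a, ek_a, public(ik_b), public(spk_b), Some(public(otpk_b)));
    let without = initiate(ik_a, ek_a, public(ik_b), public(spk_b), None);
    println!("4 DH vs 3 DH match: {}, 3 DH vs 3 DH match: {}", with_otpk == bob, without == bob);
}
```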

warzone/Cargo.lock generated

@@ -2555,7 +2555,7 @@ dependencies = [
[[package]]
name = "warzone-client"
version = "0.0.2"
version = "0.0.3"
dependencies = [
"anyhow",
"argon2",
@@ -2584,7 +2584,7 @@ dependencies = [
[[package]]
name = "warzone-mule"
version = "0.0.2"
version = "0.0.3"
dependencies = [
"anyhow",
"clap",
@@ -2593,7 +2593,7 @@ dependencies = [
[[package]]
name = "warzone-protocol"
version = "0.0.2"
version = "0.0.3"
dependencies = [
"base64",
"bincode",
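Review bot: the warzone-protocol entry moving from 0.0.2 to 0.0.3 is the only trace in this file of the initiate()/respond() change, and the fix as described makes the sender match a responder that is still called with None for the OTPK. It would be more robust for the wire message to state whether an OTPK was used (and which one) so decrypt_wire_message() passes that to respond() instead of a fixed None; otherwise any bundle that does carry an OTPK reproduces the same mismatch. Please also confirm the change comes with a regression test that runs initiate() and respond() with one_time_pre_key: None on both sides and asserts equal shared secrets.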
@@ -2616,7 +2616,7 @@ dependencies = [
[[package]]
name = "warzone-server"
version = "0.0.2"
version = "0.0.3"
dependencies = [
"anyhow",
"axum",
@@ -2642,7 +2642,7 @@ dependencies = [
[[package]]
name = "warzone-wasm"
version = "0.0.2"
version = "0.0.3"
dependencies = [
"base64",
"bincode",
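Review bot: the warzone-wasm bump to 0.0.3 is where web clients start publishing bundles with one_time_pre_key: None, and the reason and the Phase 2 plan appear only in the commit message as far as this page shows. Suggest recording in the crate's docs or changelog that web sessions run three-DH X3DH until server-side OTPK storage and consumption tracking land, so the reduced initial-message protection stays visible to whoever picks up that work.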