Alias TTL renews only on authenticated actions (sending messages)

- Sending a message includes `from` fingerprint
- Server renews alias TTL on send (proves identity: you encrypted it)
- Polling/receiving does NOT renew (anyone can spam messages to you)
- Key registration does NOT renew (separate concern)

This prevents alias keepalive attacks where someone spams a user
just to keep their alias from expiring.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

warzone/crates/warzone-client/src/net.rs

@@ -19,6 +19,7 @@ struct RegisterRequest {
 #[derive(Serialize)]
 struct SendRequest {
     to: String,
+    from: Option<String>,
     message: Vec<u8>,
 }
 
@@ -93,12 +94,13 @@ impl ServerClient {
     }
 
     /// Send an encrypted message to the server for delivery.
-    pub async fn send_message(&self, to: &str, message: &[u8]) -> Result<()> {
+    pub async fn send_message(&self, to: &str, from: Option<&str>, message: &[u8]) -> Result<()> {
         let to_clean: String = to.chars().filter(|c| c.is_ascii_hexdigit()).collect();
         self.client
             .post(format!("{}/v1/messages/send", self.base_url))
             .json(&SendRequest {
                 to: to_clean,
+                from: from.map(|f| f.chars().filter(|c| c.is_ascii_hexdigit()).collect()),
                 message: message.to_vec(),
             })
             .send()