feat(reflect): QUIC-native NAT reflection ("STUN for QUIC") — Phase 1

Lets a client ask its registered relay "what IP:port do you see for
me?" over the existing TLS-authenticated signal channel, returning
the client's server-reflexive address as a SocketAddr. Replaces the
need for a classic STUN deployment and becomes the bootstrap step
for future P2P hole-punching: once both peers know their own reflex
addrs, they can advertise them in DirectCallOffer and attempt a
direct QUIC handshake to each other.

Wire protocol (wzp-proto):
- SignalMessage::Reflect — unit variant, client -> relay
- SignalMessage::ReflectResponse { observed_addr: String } — relay -> client
- JSON-serde, appended at end of enum: zero ordinal concerns,
  backward compat with pre-Phase-1 relays by construction (older
  relays log "unexpected message" and drop; newer clients time out
  cleanly within 1s).

Relay handler (wzp-relay/src/main.rs, signal loop):
- New match arm next to Ping reuses the already-bound `addr` from
  connection.remote_address() and replies with observed_addr as a
  string. debug!-level log on success, warn!-level on send failure.

Client side (desktop/src-tauri/src/lib.rs):
- SignalState gains pending_reflect: Option<oneshot::Sender<SocketAddr>>.
- get_reflected_address Tauri command installs the oneshot before
  sending Reflect and awaits it with a 1s timeout; cleans up on
  every exit path (send failure, timeout, parse error).
- recv loop's new ReflectResponse arm fires the pending sender or
  emits a debug log for unsolicited responses — never crashes the
  loop on malformed input.
- Integrated into invoke_handler! alongside the other signal
  commands.

UI (desktop/index.html + src/main.ts):
- New "Network" section in settings panel with a "Detect" button
  that displays the reflected address or a categorized warning
  ("register first" / "relay does not support reflection" / error).

Tests (crates/wzp-relay/tests/reflect.rs — 3 new, all passing):
- reflect_happy_path: client on loopback gets back 127.0.0.1:<its own port>
- reflect_two_clients_distinct_ports: two concurrent clients see
  their own distinct ports, proving per-connection remote_address
- reflect_old_relay_times_out: mock relay that ignores Reflect —
  client times out between 1000-1200ms and does not hang

Also pre-existing test bit-rot unrelated to this PR — fixed so the
full workspace `cargo test` goes green:
- handshake_integration tests in wzp-client, wzp-relay and
  featherchat_compat in wzp-crypto all missed the `alias` field
  addition to CallOffer and the 3-arg form of perform_handshake
  plus 4-tuple return of accept_handshake. Updated to the current
  API surface.

Results:
  cargo test --workspace --exclude wzp-android: 386 passed
  cargo check --workspace: clean
  cargo clippy: no new warnings in touched files

Verification excludes wzp-android because it's dead code on this
branch (Tauri mobile uses wzp-native instead) and can't link -llog
on macOS host — unchanged status quo.

PRD: .taskmaster/docs/prd_reflect_over_quic.txt
Tasks: 39-46 all completed

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

crates/wzp-relay/tests/handshake_integration.rs

@@ -63,11 +63,11 @@ async fn handshake_succeeds() {
         accept_handshake(server_t.as_ref(), &callee_seed).await
     });
 
-    let caller_session = perform_handshake(client_transport.as_ref(), &caller_seed)
+    let caller_session = perform_handshake(client_transport.as_ref(), &caller_seed, None)
         .await
         .expect("perform_handshake should succeed");
 
-    let (callee_session, chosen_profile) = callee_handle
+    let (callee_session, chosen_profile, _caller_fp, _caller_alias) = callee_handle
         .await
         .expect("join callee task")
         .expect("accept_handshake should succeed");
@@ -124,11 +124,11 @@ async fn handshake_verifies_identity() {
         accept_handshake(server_t.as_ref(), &callee_seed).await
     });
 
-    let caller_session = perform_handshake(client_transport.as_ref(), &caller_seed)
+    let caller_session = perform_handshake(client_transport.as_ref(), &caller_seed, None)
         .await
         .expect("handshake must succeed even with different identities");
 
-    let (callee_session, _profile) = callee_handle
+    let (callee_session, _profile, _caller_fp, _caller_alias) = callee_handle
         .await
         .expect("join")
         .expect("accept_handshake must succeed");
@@ -183,7 +183,7 @@ async fn auth_then_handshake() {
         };
 
         // 2. Run the cryptographic handshake
-        let (session, profile) = accept_handshake(server_t.as_ref(), &callee_seed)
+        let (session, profile, _caller_fp, _caller_alias) = accept_handshake(server_t.as_ref(), &callee_seed)
             .await
             .expect("accept_handshake after auth");
 
@@ -199,7 +199,7 @@ async fn auth_then_handshake() {
         .await
         .expect("send AuthToken");
 
-    let caller_session = perform_handshake(client_transport.as_ref(), &caller_seed)
+    let caller_session = perform_handshake(client_transport.as_ref(), &caller_seed, None)
         .await
         .expect("perform_handshake after auth");
 
@@ -270,6 +270,7 @@ async fn handshake_rejects_bad_signature() {
         ephemeral_pub,
         signature,
         supported_profiles: vec![wzp_proto::QualityProfile::GOOD],
+        alias: None,
     };
 
     client_transport