feat: WZP-S-2 relay auth + WZP-S-3 featherChat signaling bridge

WZP-S-2: Relay token authentication
- New --auth-url flag: relay calls POST {url} with bearer token
- Clients must send SignalMessage::AuthToken as first signal
- Relay validates against featherChat's /v1/auth/validate endpoint
- Rejects unauthenticated clients before they join rooms
- New auth.rs module with validate_token() + tests

WZP-S-3: featherChat signaling bridge
- New featherchat.rs module for CallSignal interop
- WzpCallPayload: wraps SignalMessage + relay_addr + room name
- encode_call_payload/decode_call_payload for JSON serialization
- CallSignalType enum mirrors featherChat's variant
- signal_to_call_type maps WZP signals to FC types

Protocol: Added SignalMessage::AuthToken { token } variant

129 tests passing across all crates.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

crates/wzp-proto/src/packet.rs

@@ -297,6 +297,10 @@ pub enum SignalMessage {
 
     /// End the call.
     Hangup { reason: HangupReason },
+
+    /// featherChat bearer token for relay authentication.
+    /// Sent as the first signal message when --auth-url is configured.
+    AuthToken { token: String },
 }
 
 /// Reasons for ending a call.