feat: Swift and Kotlin credential storage tests

[lukejmann]

Note

High Risk
Adds new persistent storage and device-keystore implementations (AndroidKeyStore/Keychain + atomic file writes) that are security- and data-integrity-sensitive and may be used by production callers.

Overview
Adds mobile storage primitives for WalletKit: AndroidDeviceKeystore (AndroidKeyStore AES-GCM), AndroidAtomicBlobStore (atomic file writes), and AndroidStorageProvider/WalletKitStorage.defaultProvider, plus Swift equivalents IOSDeviceKeystore (Keychain-stored AES-GCM key with entitlement fallback), IOSAtomicBlobStore, and IOSStorageProvider/WalletKitStorage.makeDefaultProvider.

Adds new Swift and Kotlin test suites validating CredentialStore initialization requirements, credential persistence + Merkle cache TTL behavior across reopen, and DeviceKeystore seal/open behavior; also renames SimpleTest to LoggingTests and increases log-bridge wait time. Updates swift/test_swift.sh to clear staged Swift sources and copy new local support files into the test package before running.

^{Written by Cursor Bugbot for commit 089d20b. This will update automatically on new commits. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

[cursor]

Swift keystore methods don't wrap CryptoKit errors

High Severity

IOSDeviceKeystore.seal and openSealed let CryptoKit errors propagate unwrapped, unlike the Kotlin AndroidDeviceKeystore which catches all exceptions and wraps them in StorageException.Keystore. The Rust DeviceKeystore trait returns StorageResult, so UniFFI converts unrecognized Swift errors into StorageError::UnexpectedUniFFICallbackError instead of StorageError::Keystore. Rust code that pattern-matches on the Keystore variant (e.g., in keys.rs) will fail to handle these errors correctly.