feat: integrate MLS with auth

[zsoltkacsandi]

Description

Please provide a meaningful description of what this change will do, or is for.
Bonus points for including links to related issues, other PRs, or technical
references.

Note that by not including a description, you are asking reviewers to do extra
work to understand the context of this change, which may lead to your PR taking
much longer to review, or result in it not being reviewed at all.

Type of Change

• Bugfix
• New Feature
• Breaking Change
• Refactor
• Documentation
• Other (please describe)

Checklist

• I have read the contributing guidelines
• Existing issues have been referenced (where applicable)
• I have verified this change is not present in other open pull requests
• Functionality is documented
• All code style checks pass
• New code contribution is covered by automated tests
• All new and existing tests pass

[muscariello]

It would be useful to have error messages not managed inline and instead follow the SLIM pattern where

#[derive(Debug, thiserror::Error)]
pub enum SlimIdentityError {
    #[error("Not a basic credential")]
    NotBasicCredential,
    
    #[error("Invalid UTF-8 in credential: {0}")]
    InvalidUtf8(#[from] std::str::Utf8Error),
    
    #[error("Identity verification failed: {0}")]
    VerificationFailed(String),
    
    #[error("External sender validation failed: {0}")]
    ExternalSenderFailed(String),
}

fn resolve_slim_identity<V>(
    signing_id: &SigningIdentity,
    verifier: &V,
) -> Result<String, SlimIdentityError>
where
    V: Verifier + Send + Sync + Clone + 'static,
{
    let basic_cred = signing_id
        .credential
        .as_basic()
        .ok_or(SlimIdentityError::NotBasicCredential)?;

    let credential_data = std::str::from_utf8(&basic_cred.identifier)?;
    
    // Actually use the verifier to validate the credential
    verifier
        .verify(credential_data)
        .map_err(|e| SlimIdentityError::VerificationFailed(e.to_string()))?;

    Ok(credential_data.to_string())
}

[muscariello]

General comment is that this part of the code would benefit from logging as instrumentation is also available.

[muscariello]

Same as above

#[derive(Debug, thiserror::Error)]
pub enum MlsInterceptorError {
    #[error("Not a group member")]
    NotGroupMember,
    
    #[error("Encryption failed: {0}")]
    EncryptionFailed(String),
    
    #[error("Decryption failed: {0}")]
    DecryptionFailed(String),
    
    #[error("Group ID mismatch: expected {expected}, got {actual}")]
    GroupIdMismatch { expected: String, actual: String },
    
    #[error("Missing payload")]
    MissingPayload,
    
    #[error("Invalid metadata: {0}")]
    InvalidMetadata(String),
    
    #[error("Sender not authorized: {0}")]
    SenderNotAuthorized(String),
}

[muscariello]

@zsoltkacsandi go ahead with rebase and then merge

[zsoltkacsandi]

@zsoltkacsandi go ahead with rebase and then merge

Done, I've improved the logging and error handling, and reconciled the changes.