Implement Phase 1: AES-256-GCM algorithm negotiation and cipher mode setting

Performance optimization Phase 1 implementation:
- Add aes-gcm crate dependency (v0.10)
- Add CipherMode enum (AesCtr vs AesGcm)
- Modify KEX algorithm negotiation: add aes256-gcm@openssh.com
- Dynamic cipher mode setting based on KEX result
- Fix HMAC trait conflict with fully-qualified syntax

Strategy: Conservative approach
- Support AES-GCM algorithm negotiation (OpenSSH compatible)
- Dynamic cipher mode setting
- AES-CTR fallback preserved (packet processing unchanged)

Next steps:
- Test OpenSSH client AES-GCM negotiation
- Implement AES-GCM packet processing if needed
- Continue to Phase 4 (parallel encryption)

markbase-core/Cargo.toml

@@ -58,6 +58,7 @@ ed25519-dalek = { version = "2.0", features = ["rand_core"] }
 aes = "0.8"
 ctr = "0.9"
 cipher = "0.4"
+aes-gcm = "0.10"  # Phase 1: AES-256-GCM AEAD（性能优化）
 nix = { version = "0.29", features = ["poll", "fs"] }  # Phase 14: OpenSSH风格的poll()和非阻塞I/O（fs feature包含fcntl）
 rusty-s3 = "0.10"     # S3 API 签名（AWS Signature V4）
 ureq = "2.12"          # 輕量同步 HTTP 客戶端