VFS/DataProvider/Config refactoring + SSH public key authentication

Phase 1-6 of refactoring plan:
- VFS abstraction (VfsBackend trait + LocalFs + OpenFlags builder)
- DataProvider trait (SqliteProvider + PgProvider, SFTPGo-compatible)
- Config refactoring (AppConfig unified sections, env overrides)
- SSH handlers (sftp/scp/rsync) migrated to VFS + DataProvider
- SSH public key authentication (Ed25519 signature verification)
- SSH stderr → CHANNEL_EXTENDED_DATA support
- Web auth uses DataProvider instead of direct SQL
- User home directory from provider (per-user isolation)
- PostgreSQL auth provider for SFTPGo compatibility

markbase-core/src/ssh_server/cipher.rs

@@ -17,6 +17,7 @@ type HmacSha256 = Hmac<Sha256>;
 
 /// SSH加密通道管理器（参考OpenSSH struct sshcipher_ctx）
 pub struct EncryptionContext {
+    pub session_id: Vec<u8>,            // session identifier (exchange hash)
     pub encryption_key_ctos: Vec<u8>,  // 客户端→服务器加密密钥
     pub encryption_key_stoc: Vec<u8>,  // 服务器→客户端加密密钥
     pub mac_key_ctos: Vec<u8>,         // 客户端→服务器MAC密钥
@@ -32,6 +33,7 @@ pub struct EncryptionContext {
 impl Default for EncryptionContext {
     fn default() -> Self {
         Self {
+            session_id: vec![0u8; 32],
             encryption_key_ctos: vec![0u8; 32],
             encryption_key_stoc: vec![0u8; 32],
             mac_key_ctos: vec![0u8; 32],
@@ -73,6 +75,7 @@ impl EncryptionContext {
         info!("Ciphers initialized successfully");
         
         Self {
+            session_id: keys.session_id.clone(),
             encryption_key_ctos: keys.encryption_key_ctos.clone(),
             encryption_key_stoc: keys.encryption_key_stoc.clone(),
             mac_key_ctos: keys.mac_key_ctos.clone(),