feat(server): implement serve loop, ServeOptions, graceful shutdown, and integration test

- Add ServeOptions struct with all CLI fields (key, authorized_keys, cert_authority,
  transport_mode, listen_addr, tls_cert, tls_key, acme_domain, stealth, proxy,
  iroh_relay, max_connections_per_ip, max_auth_attempts)
- ServeOptions::key/authorized_keys accept KeySource (file or in-memory)
- Server::new(opts) creates server with bound russh config, auth config, rate limiter
- Server::run(acceptor, endpoint_info) enters accept loop: rate limit check -> create
  handler -> russh::server::run_stream()
- Stealth mode integration: protocol detection before run_stream() on TLS connections
- Graceful shutdown: Server::shutdown() sends SSH disconnect, waits drain timeout,
  aborts remaining sessions
- SIGTERM/SIGINT handler on unix platforms
- iroh mode: prints endpoint ID on startup
- Integration test: start server, shutdown signal, verify clean exit
- Re-export Server, ServeOptions, ServeTransportMode, ServeError from lib.rs
2026-06-02 11:57:30 +00:00
parent f13a1c985f
commit 373b053820
3 changed files with 738 additions and 1 deletions

@@ -2,6 +2,7 @@ pub mod channel_proxy;
pub mod control_channel;
pub mod handler;
pub mod rate_limit;
pub mod serve;
pub mod stealth;
pub use channel_proxy::{connect_outbound, proxy_channel};
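Review bot: `pub mod serve;` makes every `pub` item in the new module part of the crate's public API, not only the four names re-exported further down in this file. If the module contains helpers for the accept loop or shutdown handling that are not meant to be called from outside, mark them `pub(crate)`, and add a module-level doc comment naming the supported entry points (`Server::new`, `Server::run`, `Server::shutdown` per the commit message).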
@@ -11,4 +12,5 @@ pub use control_channel::{
};
pub use handler::{ProxyConfig, ProxyMode, ServerHandler, TransportKind};
pub use rate_limit::{AuthAttemptLimiter, ConnectionRateLimiter};
pub use serve::{Server, ServeError, ServeOptions, ServeTransportMode};
pub use stealth::{ProtocolDetection, detect_protocol, send_fake_nginx_404, validate_stealth_config};
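Review bot: the `pub use serve::{Server, ServeError, ServeOptions, ServeTransportMode};` line re-exports `ServeOptions` but not `KeySource`, which the commit message says `ServeOptions::key` and `authorized_keys` accept. If `KeySource` is not already reachable from a public path, callers cannot construct a `ServeOptions` from the crate root alone; either add it to this re-export or document where it should be imported from.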