feat(core): implement StaticConfig/DynamicConfig split with ArcSwap hot-reload

Split alknet-core configuration into StaticConfig (immutable after startup)
and DynamicConfig (hot-reloadable at runtime via ArcSwap).

- Add StaticConfig struct in config/static_config.rs with all fields per ADR-030
- Add DynamicConfig struct with AuthPolicy, ForwardingPolicy, RateLimitConfig
- Add ForwardingPolicy with allow_all()/deny_all() defaults (ADR-031)
- Add ConfigReloadHandle with reload() method for runtime config updates
- Replace Arc<ServerAuthConfig> with Arc<ArcSwap<DynamicConfig>> in ServerHandler
- Add config_reload_handle() to Server for obtaining reload handles
- Add AuthPolicy with authenticate_publickey/authenticate_certificate methods
- All existing tests pass with the new config structure
- Default DynamicConfig produces identical behavior to current code

crates/alknet-core/src/testutil.rs

@@ -1,5 +1,5 @@
-use tokio::io::{DuplexStream, AsyncRead, AsyncWrite};
 use anyhow::Result;
+use tokio::io::{AsyncRead, AsyncWrite, DuplexStream};
 
 #[cfg(feature = "transport-traits")]
 pub use crate::transport::{Transport, TransportAcceptor, TransportInfo, TransportKind};
@@ -9,10 +9,10 @@ pub use local_traits::{Transport, TransportAcceptor, TransportInfo, TransportKin
 
 #[cfg(not(feature = "transport-traits"))]
 mod local_traits {
-    use std::net::SocketAddr;
     use anyhow::Result;
-    use tokio::io::{AsyncRead, AsyncWrite};
     use async_trait::async_trait;
+    use std::net::SocketAddr;
+    use tokio::io::{AsyncRead, AsyncWrite};
 
     #[async_trait]
     pub trait Transport: Send + Sync + 'static {
@@ -138,4 +138,4 @@ impl TransportAcceptor for MockTransportAcceptor {
 pub fn mock_pair(buf_size: usize) -> (MockStream, MockStream) {
     let (client, server) = tokio::io::duplex(buf_size);
     (MockStream::new(client), MockStream::new(server))
-}
+}