docs: add README, LICENSE files, and crate/module-level doc comments

Add top-level README.md with alpha status warning, quick start guide,
architecture overview, feature flags, transport modes, auth docs, and
Node.js API examples.

Add dual LICENSE-MIT and LICENSE-APACHE files.

Add comprehensive crate-level and module-level rustdoc to all three
crates (wraith-core, wraith, wraith-napi) and all public modules
(transport, client, server, auth, socks5, error). Add doc comments to
key public types (Transport, TransportAcceptor, ConnectOptions,
ClientSession, Server, ServeOptions, KeySource, ServerAuthConfig, etc).

Update Cargo.toml files with workspace-level package metadata
(version, edition, license, repository) and crate descriptions.

crates/wraith-core/src/auth/keys.rs

@@ -1,15 +1,29 @@
+//! Key loading and parsing for SSH authentication.
+//!
+//! Supports `KeySource` (file path or in-memory) for private keys, public keys,
+//! and certificate authority entries. All keys must be in OpenSSH format.
+//! PEM-encoded keys (PKCS#1, PKCS#8) are rejected with a clear error message.
+
 use std::path::PathBuf;
 
 use russh::keys::{PrivateKey, PublicKey, decode_secret_key, parse_public_key_base64};
 
 use crate::error::ConfigError;
 
+/// Source for key material — either a filesystem path or in-memory bytes.
+///
+/// Used throughout the API to accept keys without committing to a specific
+/// loading mechanism. In-memory keys are primarily for the NAPI wrapper.
 #[derive(Debug, Clone)]
 pub enum KeySource {
     File(PathBuf),
     Memory(Vec<u8>),
 }
 
+/// A certificate authority entry parsed from an `authorized_keys` file.
+///
+/// Contains the CA public key and its associated options (e.g., `cert-authority`,
+/// `permit-port-forwarding`). Used by `ServerAuthConfig` for certificate validation.
 #[derive(Debug, Clone)]
 pub struct CertAuthorityEntry {
     pub public_key: PublicKey,