v0.1.25

Security/quality audit closure + interop validation.

- Iterative appsec + codepros audit: closed the Critical receive-side
  flow-control gap, CSPRNG connection IDs, anti-amplification (incl. RFC 9000
  §14.1 undersized-Initial discard), CID-lifecycle conformance (§7.3 TP CID
  auth, CONNECTION_ID_LIMIT_ERROR), RFC 9221 DATAGRAM wire format, RESET_STREAM
  FINAL_SIZE_ERROR, H3 OOB/leak/path-traversal fixes, and more, until both
  reviews converged clean. Remaining items tracked in the *GAP_ANALYSIS docs.
- Full QUIC interop matrix: 95 passed / 0 failed / 45 documented skips across
  quic-go, ngtcp2, quiche, and 11 other implementations.