Backend test infrastructure + init handler tests

[gmaclennan]

Context

PR #36 added the rootkey handshake ({type:"init",rootKey:"<base64>"}) and structured error-frame broadcast on the control socket. The native side (Android FGS + iOS NodeJSService) and the JS bridge both got direct test coverage, but the backend validation logic in backend/index.js did not.

Specifically untested today:

• init handler: rejects non-string rootKey, rejects wrong-length-after-decode, ignores second init after consumption.
• handleFatal / uncaughtException path: tagged-phase routing, broadcast-then-exit, the 100ms flush wait.
• SimpleRpcServer.broadcastError: per-client try/catch, frame shape.

Why deferred

The backend/ directory has no test runner today (no mocha/tap/jest, no *.test.js invocation in package.json). Adding meaningful coverage means:

1. Pick + add a test runner (likely node --test for zero-deps).
2. Refactor the inline init handler in backend/index.js into something importable (or build a small test harness that drives the full process via child_process.spawn + a fake control-socket client).

PR #36 review explicitly deferred this as out of scope for the rootkey landing.

Acceptance

• Test runner wired up (likely node --test, or align with whatever the rest of the repo standardises on).
• init handler: malformed payload → process exits non-zero with broadcast {type:"error",phase:"init",…}.
• Construction failure (e.g. malformed privateStorageDir): broadcast {type:"error",phase:"construct",…} before exit.
• Uncaught throw mid-runtime: same broadcast with phase:"runtime".

[gmaclennan]

Cross-linking #50 — that umbrella issue's Item 1 covers the same ground (backend test harness + handler tests, including init validation, handleFatal, broadcastError) plus the new behaviours from PR #47 (error-native handler, shutdown ordering invariant, SimpleRpcServer.broadcast).

Whoever picks this up should treat #38 and #50's Item 1 as a single piece of work:

• The harness setup (Node --test, npm run backend:test, CI wiring) is the prerequisite for both.
• Backend test infrastructure + init handler tests #38's acceptance criteria (init malformed → exit + error broadcast; construct / runtime phase tagging) are still load-bearing — fold them into the same PR.
• Test coverage follow-ups from per-component lifecycle refactor (#47) #50 Item 1's additions (error-native malformed-input rejection; error-native valid → re-broadcast + exit; shutdown broadcasts stopping BEFORE close; broadcast() and broadcastError() per-client try/catch behaviour) layer on top.

Suggest closing whichever is more convenient (probably #38 in favour of #50 since #50 has the more complete scope post-#47 refactor) once the work lands — but don't duplicate effort by treating them as separate issues.