Fix unbounded buffer growth in aead_decrypt chunk reassembly #3023

Merged
madeye merged 1 commit into master from fix/aead-decrypt-chunk-compaction
Feb 9, 2026

@madeye madeye commented Feb 9, 2026

Summary

  • The idx-tracking optimization in aead_decrypt (from 31731ba) skipped memmove when partial AEAD chunks spanned multiple calls, but never compacted the dead space before idx
  • This caused the chunk buffer to grow proportionally to total data transferred (~10 MB growth per 10 MB), tripping the stress test memory leak threshold on macOS CI
  • Fix: compact residual data to the front when appending new ciphertext, keeping the buffer bounded

Server RSS before/after (10 MB transfer):

| Cipher | Before fix | After fix |
| --- | --- | --- |
| aes-128-gcm | 8.4 → 18.7 MB (+10.3 MB) | 2.5 → 3.1 MB (+0.6 MB) |
| aes-256-gcm | 8.2 → 14.4 MB (+6.2 MB) | 2.5 → 3.2 MB (+0.7 MB) |
| chacha20-ietf-poly1305 | 8.1 → 18.5 MB (+10.3 MB) | 2.5 → 3.2 MB (+0.7 MB) |

Test plan

  • Unit tests pass (ctest --output-on-failure)
  • Stress test passes locally (python3 tests/stress_test.py --bin build/shared/bin/ --size 10)
  • CI passes on ubuntu-latest and macos-latest

🤖 Generated with Claude Code

The idx-tracking optimization in aead_decrypt skipped memmove when
partial AEAD chunks spanned multiple calls, but never compacted the
dead space before idx. This caused the chunk buffer to grow
proportionally to total data transferred (~10 MB growth per 10 MB
transferred), tripping the stress test memory leak threshold.

Compact residual data to the front when appending new ciphertext,
keeping the buffer bounded to the size of the residual plus new data.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@madeye madeye merged commit 2981f65 into master Feb 9, 2026
2 checks passed
@madeye madeye deleted the fix/aead-decrypt-chunk-compaction branch February 9, 2026 01:17
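
The growth pattern and the fix described in the summary, as an added example that is not the project's code: a simplified buffer model with hypothetical names (`rbuf_t`, `rbuf_append`, `peak_capacity`), constructed zero-byte input, and assumed sizes of 1448-byte reads and 4099-byte chunks, chosen so that a read never ends on a chunk boundary.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {     /* simplified reassembly buffer; names are hypothetical */
    unsigned char *data;
    size_t len, cap; /* bytes stored (dead space before idx included), allocation */
    size_t idx;      /* offset of the first unconsumed byte */
} rbuf_t;

/* Append n bytes; if compact is set, slide the residual to the front first. */
static int rbuf_append(rbuf_t *b, const unsigned char *src, size_t n, int compact) {
    if (compact && b->idx > 0) {
        memmove(b->data, b->data + b->idx, b->len - b->idx);
        b->len -= b->idx;
        b->idx = 0;
    }
    if (b->len + n > b->cap) {
        unsigned char *p = realloc(b->data, b->len + n);
        if (p == NULL) return -1;
        b->data = p;
        b->cap = b->len + n;
    }
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return 0;
}

/* Feed total bytes in seg-byte reads, consume whole chunk-byte records, and return the peak allocation (0 on failure). */
size_t peak_capacity(size_t total, size_t seg, size_t chunk, int compact) {
    rbuf_t b = {0};
    unsigned char *in = calloc(1, seg); /* constructed input: all zero bytes */
    size_t peak = 0;
    for (size_t sent = 0; in != NULL && sent + seg <= total; sent += seg) {
        if (rbuf_append(&b, in, seg, compact) != 0) { peak = 0; break; }
        while (b.len - b.idx >= chunk) b.idx += chunk; /* stands in for decrypting a chunk */
        if (b.idx == b.len) b.idx = b.len = 0;          /* fully drained: reset */
        if (b.cap > peak) peak = b.cap;
    }
    free(in);
    free(b.data);
    return peak;
}

int main(void) {
    printf("peak without compaction: %zu\n", peak_capacity(1000000, 1448, 4099, 0));
    printf("peak with compaction:    %zu\n", peak_capacity(1000000, 1448, 4099, 1));
    return 0;
}
```

With these sizes the uncompacted buffer peaks at 999,120 bytes for a 1,000,000-byte transfer, while the compacted one stays below one chunk plus one read. When reads do end on chunk boundaries (for example 1024-byte reads and 1024-byte chunks) the buffer drains and resets on every call, so the growth only appears when partial chunks span calls.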