chore(server): purge HS256 from relayauth (RS256-only) #34

Merged
khaliqgant merged 3 commits into main from fix/purge-hs256-from-relayauth on Apr 24, 2026

Conversation


@kjgbot kjgbot commented Apr 24, 2026

What's Removed

  • HS256 token signing (signHs256) and the RELAYAUTH_SIGNING_ALG dispatcher/fallback.
  • HS256 token verification (verifyHs256Signature) and all bearer-token call sites that depended on it.
  • SIGNING_KEY and SIGNING_KEY_ID server config/options/test bindings.
  • HS256 oct entries from the JWKS route.
  • HS256 dev-token generation.

What's Kept

  • RS256 signing material: RELAYAUTH_SIGNING_KEY_PEM and RELAYAUTH_SIGNING_KEY_PEM_PUBLIC.
  • signRs256 and the JWK thumbprint-derived kid behavior.
  • JWKS-based bearer verification via @relayauth/sdk TokenVerifier.
  • Internal HMAC webhook signing; this is separate from auth JWT signing.
  • API-key authentication path.

Migration Guidance

  • Downstream deployments no longer need a SIGNING_KEY binding.
  • Bearer tokens must be RS256-signed, either issued by /v1/tokens or by a trusted signer using RELAYAUTH_SIGNING_KEY_PEM.
  • Local dev token generation now requires RELAYAUTH_SIGNING_KEY_PEM.

PR / Deployment Notes

Supersedes PR #33, the minimal /v1/tokens RS256 fix. Reviewers can close #33 after this lands.

Deploy ordering: merge this PR -> publish @relayauth/server@0.2.5 -> bump cloud dependency -> deploy -> JWKS returns only RS256 and the SIGNING_KEY binding can stay removed permanently.

Rollback: revert this PR and re-add the SIGNING_KEY binding on the relayauth worker. This is a broad revert, so fix-forward is preferred.

Verification

  • cd packages/server && npm run typecheck
  • cd packages/server && npm test
  • cd packages/server && npm run test:e2e
  • npx turbo test --filter=@relayauth/server

@khaliqgant khaliqgant merged commit 7919334 into main Apr 24, 2026
2 checks passed
@khaliqgant khaliqgant deleted the fix/purge-hs256-from-relayauth branch April 24, 2026 09:54
khaliqgant added a commit that referenced this pull request Apr 24, 2026
…auth

fix(server): accept x-api-key on /v1/api-keys (close bootstrap footgun post-#34)