error: make public errors structured and fatal-only

[zRedShift]

Draft follow-up to #126.

This keeps transient parser failures internal and reshapes the public Error API so public errors represent connection-fatal outcomes rather than recoverable UDP/parser noise.

Changes:

• removes public ParseIncomplete, ParseError, and TooManyRecords from Error;
• replaces stringly public error payloads with structured enums;
• changes dimpl-owned crypto provider error surfaces from String to typed errors;
• preserves diagnostic detail without allocating String payloads;
• reduces public Error size from 32 bytes to 16 bytes on this target.

Validation:

• cargo fmt --check
• git diff --check
• snowflake local check
• cargo test --all-targets --features rcgen
• cargo clippy --all-targets --features rcgen -- -D warnings
• cargo test --no-default-features --features rust-crypto
• cargo clippy --no-default-features --features rust-crypto -- -D warnings
• cargo test --doc --features rcgen

[algesten]

126 merged. this can be rebased

[algesten]

@zRedShift what's the point of this PR? Feels like we're handling empty records in like 2 places in the code path already.

[zRedShift]

@algesten the intent here isn’t to handle parsed empty records.

this is before we have a record at all: a datagram that only contains an incomplete DTLS record header or body currently bubbles up as ParseIncomplete from handle_packet. the PR makes that look like normal UDP loss/truncation and drops it without turning it into a connection-level error.

[algesten]

@zRedShift ok, but what about what we said in Discord about maybe not having ParseIncomplete as an error at all?

[zRedShift]

@algesten i was a bit hesitant to take that plunge wholesale since it might become a big pr, but i agree this pr is too narrow and doesn’t buy us much. how about i rework it into a proper implementation of that idea and we’ll see from there?