rust/loro-websocket-client/src/lib.rs:1045-1138
- The %ELO client sets the IV to [0u8; 12] in both encode_elo_snapshot_container and the live
subscribe_local_update hook. Every encrypted record therefore repeats the same AES-GCM nonce under the
same key.
- protocol-e2ee.md mandates 96-bit unique IVs and warns against reuse; violating that lets an attacker
recover XORs of plaintexts and eventually the key.
- Fix: Plug in a CSPRNG (e.g. rand::rngs::OsRng) or a durable per-key counter to emit fresh IVs, and keep
embedding the 12-byte IV in the record header so receivers can decrypt.
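
The counter option from the Fix item, sketched as an added example (std-only Rust, not code from the loro repository). IvCounter, frame, split, first_reused_iv, the prefix-plus-counter IV layout and the IV-first framing are all hypothetical; no AES-GCM is performed and the sealed bytes are a constructed stand-in. first_reused_iv is the kind of check a test suite can run over emitted records to catch a repeated IV such as [0u8; 12].

```rust
use std::collections::HashSet;

/// Assumed IV layout: 4-byte per-sender prefix || 64-bit big-endian counter.
/// Persist `state()` durably BEFORE sending a record sealed with the IV,
/// so a crash and restart can never hand out the same value twice.
pub struct IvCounter { prefix: [u8; 4], next: u64 }

impl IvCounter {
    pub fn resume(prefix: [u8; 4], next: u64) -> Self { IvCounter { prefix, next } }
    pub fn state(&self) -> u64 { self.next }
    /// Returns None once the counter is exhausted: rotate the key, never wrap.
    pub fn next_iv(&mut self) -> Option<[u8; 12]> {
        let n = self.next;
        self.next = n.checked_add(1)?;
        let mut iv = [0u8; 12];
        iv[..4].copy_from_slice(&self.prefix);
        iv[4..].copy_from_slice(&n.to_be_bytes());
        Some(iv)
    }
}

/// Assumed framing (not the real %ELO header): IV || ciphertext || 16-byte tag.
pub fn frame(iv: &[u8; 12], sealed: &[u8]) -> Vec<u8> { [&iv[..], sealed].concat() }

/// Splits a framed record; None if it cannot hold an IV plus a GCM tag.
pub fn split(record: &[u8]) -> Option<([u8; 12], &[u8])> {
    if record.len() < 12 + 16 { return None; }
    let mut iv = [0u8; 12];
    iv.copy_from_slice(&record[..12]);
    Some((iv, &record[12..]))
}

/// Index of the first record (all under one key) whose IV was already seen.
pub fn first_reused_iv(records: &[Vec<u8>]) -> Option<usize> {
    let mut seen = HashSet::new();
    records.iter().position(|r| match split(r) {
        Some((iv, _)) => !seen.insert(iv),
        None => false, // malformed records are skipped by this check
    })
}

fn main() {
    let sealed = [0xAAu8; 20]; // constructed stand-in for ciphertext || tag
    let mut ctr = IvCounter::resume(*b"dev1", 0);
    let good: Vec<Vec<u8>> = (0..3).map(|_| frame(&ctr.next_iv().unwrap(), &sealed)).collect();
    let bad = vec![frame(&[0u8; 12], &sealed); 3]; // the all-zero IV flagged above
    println!("counter IVs, first reuse: {:?}", first_reused_iv(&good));
    println!("zero IVs, first reuse:    {:?}", first_reused_iv(&bad));
}
```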