Per key document wrapping #3
Description
Current rekey downloads, re-encrypts, and re-uploads every document. With key wrapping, rekey only rotates small key material on-chain.
Contract change: add bytes wrappedKey to the Document struct, add updateDocumentKeys(roomId, bytes[]) batch function.
Client change: generate per-document CEK on upload, wrap/unwrap on download and rekey. reencryptBlob() in useStoracha becomes rewrapKeys() — pure crypto, no network.
Why this matters for folders-as-rooms:
each room (folder) has its own key and its own documents. Revoking a user from one folder only re-wraps that folder's keys. With 5 folders averaging 20 docs each, revoking from one folder re-wraps 20 keys (20 on-chain writes, no Storacha) instead of re-encrypting 20 full documents.