Implement onchain key management schema patterns #277

@rz1989s

Context

Part of Phase 10.4: AI Agent Infrastructure (Roadmap)

"Secrets-as-a-Service" - standardized patterns for onchain key management.

Description

Provide built-in schema patterns for common onchain key management scenarios:

  • Key rotation
  • Multi-sig approval
  • Time-locked access
  • Threshold encryption

Example Patterns

// Built-in key management types
use lumos::crypto::{RotatableKey, MultiSig, TimeLock};

#[solana]
#[account]
struct SecureVault {
    owner: PublicKey,
    
    // Auto-generates rotation history tracking
    encryption_key: RotatableKey<[u8; 32]>,
    
    // Requires M-of-N signatures
    admin_key: MultiSig<3, 5>,  // 3 of 5 required
    
    // Only accessible after timestamp
    recovery_key: TimeLock<PublicKey>,
}

Built-in Types

RotatableKey:

struct RotatableKey<T> {
    current: T,
    previous: Option<T>,
    rotated_at: i64,
    rotation_count: u32,
}

MultiSig<M, N>:

struct MultiSig<const M: usize, const N: usize> {
    signers: [Pubkey; N],
    threshold: u8,  // = M
}

TimeLock:

struct TimeLock<T> {
    value: T,
    unlock_at: i64,
}

Acceptance Criteria

  • Implement RotatableKey<T> built-in type
  • Implement MultiSig<M, N> with const generics
  • Implement TimeLock<T> with unlock logic
  • Generate helper methods for each pattern
  • TypeScript equivalents with validation
  • Example schemas demonstrating patterns
  • Documentation with security considerations
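
The checks the helper methods for these three types would need to enforce, as an added Rust sketch that is not part of the original issue or the LUMOS code base. The method names (`rotate`, `new`, `is_approved`, `get`) are hypothetical, `Pubkey` is stood in for by `[u8; 32]`, and the threshold is read from the const parameter `M` rather than a stored `threshold` field.

```rust
// Added sketch. Field names follow the issue; method names and the
// [u8; 32] stand-in for Pubkey are assumptions, not LUMOS API.
type Pubkey = [u8; 32];

pub struct RotatableKey<T> { pub current: T, pub previous: Option<T>, pub rotated_at: i64, pub rotation_count: u32 }

impl<T: PartialEq> RotatableKey<T> {
    /// Rejects a no-op rotation and a wrapped counter, so the history stays truthful.
    pub fn rotate(&mut self, new_key: T, now: i64) -> Result<(), &'static str> {
        if new_key == self.current { return Err("new key equals current key"); }
        self.rotation_count = self.rotation_count.checked_add(1).ok_or("rotation counter overflow")?;
        self.previous = Some(std::mem::replace(&mut self.current, new_key));
        self.rotated_at = now;
        Ok(())
    }
}

pub struct MultiSig<const M: usize, const N: usize> { signers: [Pubkey; N] }

impl<const M: usize, const N: usize> MultiSig<M, N> {
    pub fn new(signers: [Pubkey; N]) -> Result<Self, &'static str> {
        if M == 0 || M > N { return Err("threshold must satisfy 1 <= M <= N"); }
        // A signer listed twice would let one key fill two of the M slots.
        if signers.iter().enumerate().any(|(i, s)| signers[..i].contains(s)) {
            return Err("duplicate signer");
        }
        Ok(Self { signers })
    }
    /// Counts each registered signer at most once; unknown or repeated approvals add nothing.
    pub fn is_approved(&self, approvals: &[Pubkey]) -> bool {
        self.signers.iter().filter(|s| approvals.contains(s)).count() >= M
    }
}

pub struct TimeLock<T> { value: T, unlock_at: i64 }

impl<T> TimeLock<T> {
    pub fn new(value: T, unlock_at: i64) -> Self { Self { value, unlock_at } }
    /// `now` is assumed to come from the on-chain clock, not from caller-supplied data.
    pub fn get(&self, now: i64) -> Option<&T> {
        if now >= self.unlock_at { Some(&self.value) } else { None }
    }
}

fn main() {
    let admins = MultiSig::<2, 3>::new([[1; 32], [2; 32], [3; 32]]).unwrap(); // constructed keys
    println!("one key signing twice: {}", admins.is_approved(&[[1; 32], [1; 32]]));
    println!("locked until 100, now 99: {:?}", TimeLock::new(7u8, 100).get(99));
}
```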

Labels: ai-agents (AI agent infrastructure features), phase-10.4 (Phase 10.4: AI Agent Infrastructure), type:feature (New feature or functionality)
