WIP: Add pnet support with PSK-based connection wrapping

[lla-dane]

This PR introduces support for libp2p Private Networks (pnet) in py-libp2p.

Reference: https://github.com/libp2p/go-libp2p/tree/master/p2p/net/pnet

pnet is lightweight encryption layer used to isolate a libp2p network using a shared Pre-Shared Key (PSK).
Nodes that don't have the correct PSK simply can't establish connections - enforcing network-level access control before any libp2p handshake happens.

What's implemented:

• Added a new PskConn class that wraps a RawConnection.
• When a PSK is provided, all reads/writes on the connection are transparently encrypted/decrypted using the Salsa20 stream cipher.
• The PSK itself is derived from a 32-byte hex key shared among all peers in the private network.

How it works:

• On the first write, the connection generates a random 8-byte nonce and sends it to the peer.
• The nonce initializes the Salsa20 cipher, which is then used to encrypt outgoing data.
• On the receiving side, the PskConn reads this nonce and creates a matching decryptor, ensuring both peers are synchronized.
• All further communication flows through this encrypted stream.

Cipher: Crypto.Cipher.Salsa20 (key= 32 bytes, nonce= 8 bytes)

[seetadev]

Excellent work, @lla-dane! 👏

This is a very valuable addition to py-libp2p, and the implementation is both clean and thoughtfully aligned with the existing go-libp2p/pnet design.

This feature will be especially important for enabling isolated, permissioned libp2p deployments and for use cases where network-level access control is essential (e.g., consortium networks or research environments).

Great work bringing this to life in py-libp2p — this significantly improves the library’s parity with the Go and JS implementations. Looking forward to seeing this PR head towards final review + merge.