Feature/aws kms adapter

[kchain-solutions]

🚨 PROPOSAL: Major Architecture Refactoring and AWS KMS Integration

This PR proposes a comprehensive architectural transformation of the IOTA Secret Storage repository, introducing enterprise-grade capabilities
through hexagonal architecture and AWS KMS integration.

⚠️ Breaking Changes Notice:
This proposal involves significant structural changes that would fundamentally alter the repository organization and API surface. I recommend
thorough review and discussion before considering merge.

Proposed Key Changes:

• Complete repository restructuring with hexagonal architecture principles
• New AWS KMS adapter implementation with secp256r1 (P-256) curve support
• ECDSA signature canonicalization for IOTA blockchain compatibility
• Separation of concerns: core domain, adapters, and applications layers
• Storage factory with builder pattern for explicit adapter selection
• Dynamic key generation with timestamp-based aliases
• End-to-end IOTA transaction workflow (key generation → address derivation → transaction signing)
• Comprehensive examples and documentation

Migration Impact:

• Existing integrations would require updates due to new module structure
• API changes in storage trait interfaces

Links to any relevant issues

This proposal addresses enterprise adoption requirements discussed in previous architectural discussions.

Type of change

• Breaking change (restructures repository architecture)
• Enhancement (adds significant new functionality)

How the change has been tested

Comprehensive Testing Strategy:

1. Integration Tests: Real AWS KMS operations with proper credentials
2. End-to-End Testing: Complete IOTA workflow from key generation to transaction submission
3. Example Verification: All examples run successfully with proper AWS configuration
4. Backward Compatibility: Verified existing core traits remain functional

End-to-end examples

AWS_PROFILE=your-profile AWS_REGION=eu-west-1 cargo run --package storage-factory --example iota_kms_demo
AWS_PROFILE=your-profile AWS_REGION=eu-west-1 cargo run --package storage-factory --example iota_address_faucet_demo

AWS Configuration Required for Testing:

• Valid AWS profile with KMS permissions
• Proper IAM role setup for assume role (documented in doc/aws-setup.md)
• Region configuration (tested with eu-west-1)

Change checklist

• I have followed the contribution guidelines for this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have added tests that prove my fix is effective or that my feature works
• I have checked that new and existing unit tests pass locally with my changes
• I have updated the documentation (comprehensive .md files in /doc)
• I have updated the CHANGELOG.md, if my changes are significant enough

Proposal Review Points

Architecture Benefits:

• Modularity: Clean separation enables independent adapter development
• Security: Private keys never leave AWS KMS HSMs, implementing enclave principle
• Enterprise Ready: Support for AWS profiles, IAM roles, and comprehensive audit logging
• Extensible: Builder pattern ready for future adapters (passkey, Azure, Google Cloud KMS)

Files Added/Modified:

• Core restructured: core/secret-storage/

• New adapter: adapters/aws-kms-adapter/ (complete implementation)

• New application: applications/storage-factory/ (builder pattern)

• Comprehensive documentation suite in /doc

• E2E Example: applications/storage-factory/examples/iota_kms_demo.rs

⚠️ Recommendation: This proposal should be reviewed by architecture team and stakeholders before merge due to the significant structural changes
involved.