Add instrumented reboot/elapsed-time regression test for NIP-55 expiry

[kwsantiago]

Context

PR #302-follow-up (branch nip55-engine-permission-policy) moved NIP-55 permission expiry/clamp/resolution logic from Kotlin into the Rust uniffi policy (keep-mobile/src/nip55_policy.rs, pinned via keep.version). The old JVM unit tests in PermissionModelTest.kt that covered security-relevant expiry edge cases were removed.

Gap

Those edge cases now live only in the Rust #[cfg(test)] suite. The Android instrumented suite (PermissionStoreIntegrationTest) only exercises basic expiry via cleanupExpiredRemovesOldPermissions. The following anti-tamper cases are no longer covered on the Android side:

• Clock-manipulation detection (wall-clock moved backwards)
• Reboot / monotonic-elapsed-time regression (SystemClock.elapsedRealtime rewind)
• Wall-clock fallback when createdAtElapsed == 0

Why it matters

Without an instrumented case crossing the FFI boundary, a bad keep.version uniffi pin could silently regress the anti-tamper expiry behavior and no Android-side test would catch it.

Ask

Add at least one instrumented test (app/src/androidTest/...) that drives PermissionStore decision/expiry across a simulated reboot/elapsed-time regression, so a regression in the pinned Rust policy fails an Android test.

Source: Stage-1 pr-review finding, PermissionModelTest.kt:46.

[kwsantiago]

Related: privkeyio/keep#597 tracks a sibling clock concern in the same NIP-55 area: the challenge-nonce 5-minute window (nip55_caller.rs) uses monotonic Instant, which pauses during Android suspend (the old Kotlin used elapsedRealtime/BOOTTIME). The instrumented test asked for here should also drive the nonce store across a simulated suspend, so both expiry paths (permission-grant policy and caller nonce) are covered by one Android-side regression test.