feat(enrollment): implement token-based enrollment flow

Changes:
1. ✅ Updated SHA256SUMS with new ostp-server binary
2. ✅ Made oncp-master optional in deploy.sh (two deployment modes)
3. ✅ Added enrollment_token support to ostp-server
4. ✅ Updated config examples with token field

Deployment Modes:
- Mode 1 (Standalone): Connect to existing master with enrollment token
- Mode 2 (Full Stack): Deploy both master + server on one host

ostp-server Enrollment Flow:
1. Admin generates token on master: \oncp-master node token --expiry 60\
2. Node submits enrollment with token in config (psk: 'AUTO')
3. Master validates token (silent drop if invalid - security)
4. Admin approves node: \oncp-master node approve <node-id>\
5. Node receives PSK + IP from 10.X.0.0/16 pool
6. Update config with PSK, restart server

deploy.sh Features:
- Interactive mode selection
- Conditional oncp-master installation
- Automated token generation (full stack mode)
- Enrollment submission (standalone mode)

Config Examples:
- server.json.example: Full stack with local master
- server-enrollment.json.example: Standalone with token

Security:
- Token validation before enrollment acceptance
- Silent drop on invalid token (prevents enumeration)
- One-time use tokens with expiration
- IPAM automatic IP allocation from pool

Documentation:
- Updated README with deployment modes
- Added enrollment workflow explanation
- Security features documented
- CLI examples for both modes

dist/linux-x64/server.json.example

@@ -1,7 +1,7 @@
 {
-  "listen_addr": "0.0.0.0:443",
+  "listen": "0.0.0.0:443",
   "psk": "CHANGE_THIS_64_CHARACTER_HEX_PSK_GENERATED_WITH_OPENSSL_RAND",
-  "master_url": "http://127.0.0.1:8080",
+  "master_node_url": "http://127.0.0.1:8080",
   "country_code": "US",
-  "max_clients": 1000
+  "max_connections": 1000
 }