25 May 2026 - Added server fingerprint to tunnel command

The Open tunnel command response now includes server_public_key_fingerprint, the SHA-256 fingerprint of the Xyte proxy's ed25519 SSH host key. Devices should verify this against the host key presented during the SSH handshake to prevent man-in-the-middle attacks; production firmware should treat a missing/null value as a hard error.