Function encrypt_payload 

pub fn encrypt_payload(
    kem_public_key: &[u8],
    dsa_secret_key: &[u8],
    payload: &Payload,
    rng: &mut impl CryptoRng,
) -> Result<Bytes, CryptoError>

Encrypt a payload using the full hybrid cryptosystem pipeline.

Pipeline: ML-KEM-1024 key encapsulation → derive AES-256-GCM key from shared secret → encrypt payload → sign (KEM ciphertext || AES ciphertext) with ML-DSA-87.

Output format (all length-prefixed as u32 big-endian):

[kem_ct_len][kem_ct][nonce][sym_ct_len][sym_ct][sig_len][sig]

Errors

Returns CryptoError variants for any cryptographic operation failure.