fix: pure Python keypair generation, no wg CLI dependency

Replace subprocess calls to wg genkey/pubkey with cryptography
library's X25519PrivateKey. This eliminates the wg CLI dependency
for key generation, fixes device creation on machines without
wireguard-tools, and removes the event loop blocking that caused
WebSocket disconnects during device creation.

Also fix E2E test teardown to use a fresh engine for cleanup,
avoiding cross-event-loop issues with asyncpg connection pools.

tests/test_utils.py

@@ -103,18 +103,16 @@ def test_build_client_config_no_psk():
 # --- Crypto (only if wg is installed) ---
 
 
-async def test_generate_keypair():
-    """Test keypair generation — requires `wg` CLI to be installed."""
-    try:
-        subprocess.run(["wg", "--version"], capture_output=True, check=True)
-    except FileNotFoundError:
-        pytest.skip("wg CLI not installed")
-
+def test_generate_keypair():
+    """Test keypair generation (pure Python, no wg CLI needed)."""
     from wiregui.utils.crypto import generate_keypair, generate_preshared_key
 
-    priv, pub = await generate_keypair()
+    priv, pub = generate_keypair()
     assert len(priv) == 44  # base64-encoded 32 bytes
     assert len(pub) == 44
 
     psk = generate_preshared_key()
     assert len(psk) == 44
+
+    psk = generate_preshared_key()
+    assert len(psk) == 44