fix(proto): reject reserved overlay flags

The MVP overlay reserves its flags field for later features such as
fragmentation or payload encryption, but version 1 does not define any flag
semantics. Accepting nonzero flags would let unknown behavior silently traverse
the relay and reach the tunnel endpoints.

Make zero the only valid v1 flag value. Overlay encoding and decoding now reject
reserved nonzero flags, production send paths use the explicit
OVERLAY_FLAGS_NONE constant, and the relay emits forwarded datagrams with the
same zero-flag policy instead of preserving peer-supplied bits.

Document the reserved-flag rule in the protocol crate overview.

Test Plan:
- cargo test -p lanparty-proto overlay
- cargo test --workspace
- cargo clippy --workspace --all-targets -- -D warnings
- cargo fmt --check
- git diff --check

Refs: PLAN.md no-fragmentation MVP overlay format

crates/lanparty-client-core/src/lib.rs

@@ -27,7 +27,7 @@ use lanparty_ctrl::{
 };
 use lanparty_obs::{DropReason, QuicDiagnostics, TunnelStats};
 use lanparty_proto::{
-    EthernetFrame, FrameType, MacAddr, decode_datagram, encode_datagram,
+    EthernetFrame, FrameType, MacAddr, OVERLAY_FLAGS_NONE, decode_datagram, encode_datagram,
     gateway_lan_safety_drop_reason, remote_client_safety_drop_reason, validate_datagram_budget,
 };
 use quinn::{ClientConfig, Endpoint, crypto::rustls::QuicClientConfig};
@@ -401,7 +401,7 @@ impl ClientRelayIo {
             FrameType::Ethernet,
             self.welcome.room_id(),
             self.welcome.peer_id(),
-            0,
+            OVERLAY_FLAGS_NONE,
             frame,
         )
         .context("failed to encode client Ethernet datagram")?;