Function deriveMediaEncryptionKey

deriveMediaEncryptionKey(
    clientState: ClientState,
    ciphersuite: CiphersuiteImpl,
    attachment: Pick<MediaAttachment, "sha256" | "type" | "filename">,
): Promise<Uint8Array<ArrayBufferLike>>
Derives the per-file encryption key for a media file shared in a group message (MIP-04 v2).

Key derivation:
```
exporter_secret = MLS-Exporter("marmot", "encrypted-media", 32)
context = "mip04-v2" || 0x00 || file_hash_bytes || 0x00 ||
          mime_type_bytes || 0x00 || filename_bytes || 0x00 || "key"
file_key = HKDF-Expand(exporter_secret, context, 32)
```
The key is deterministic for a given epoch + file, so re-encrypting the same file in the same epoch produces the same key but a different ciphertext (due to the random nonce).

The sha256, type, and filename fields of the attachment must be set. The MIME type is canonicalized automatically.
Parameters
- clientState: ClientState
  The current MLS ClientState for the group
- ciphersuite: CiphersuiteImpl
  The ciphersuite implementation used by the group
- attachment: Pick<MediaAttachment, "sha256" | "type" | "filename">
  The attachment containing sha256, type, and filename
Returns Promise<Uint8Array<ArrayBufferLike>>
32-byte ChaCha20-Poly1305 encryption key
- Defined in ../home/robert/Projects/marmot-ts/src/core/media.ts:160