feat(server::key_holder): unique index on (root_key_id, nonce) to avoid nonce reuse

server/crates/arbiter-server/migrations/2026-02-14-171124-0000_init/up.sql

@@ -1,12 +1,3 @@
-create table if not exists aead_encrypted (
-    id INTEGER not null PRIMARY KEY,
-    current_nonce blob not null default(1), -- if re-encrypted, this should be incremented
-    ciphertext blob not null,
-    tag blob not null,
-    schema_version integer not null default(1), -- server would need to reencrypt, because this means that we have changed algorithm
-    created_at integer not null default(unixepoch ('now'))
-) STRICT;
-
 create table if not exists root_key_history (
     id INTEGER not null PRIMARY KEY,
     -- root key stored as aead encrypted artifact, with only difference that it's decrypted by unseal key (derived from user password)
@@ -18,6 +9,21 @@ create table if not exists root_key_history (
     salt blob not null -- for key deriviation 
 ) STRICT;
 
+create table if not exists aead_encrypted (
+    id INTEGER not null PRIMARY KEY,
+    current_nonce blob not null default(1), -- if re-encrypted, this should be incremented
+    ciphertext blob not null,
+    tag blob not null,
+    schema_version integer not null default(1), -- server would need to reencrypt, because this means that we have changed algorithm
+    associated_root_key_id integer not null references root_key_history (id) on delete RESTRICT,
+    created_at integer not null default(unixepoch ('now'))
+) STRICT;
+
+create unique index if not exists uniq_nonce_per_root_key on aead_encrypted (
+    current_nonce,
+    associated_root_key_id
+);
+
 -- This is a singleton
 create table if not exists arbiter_settings (
     id INTEGER not null PRIMARY KEY CHECK (id = 1), -- singleton row, id must be 1