fix: clock skew tolerance 30s -> 5min (proven by Mac upload to NAT testnet)

MAX_FUTURE_SECS: 30 -> 300 (symmetric with MAX_MESSAGE_AGE_SECS).
Without this: 0/3 uploads from Mac with 31s clock skew.
With this: 3/3 uploads succeeded.

Author: grumbach

crates/saorsa-core/src/network.rs

@@ -1613,13 +1613,13 @@ impl P2PNode {
 /// can pass it directly to `send_message()`. This eliminates a spoofing
 /// vector where a peer could claim an arbitrary identity via the payload.
 ///
-/// Maximum allowed clock skew for message timestamps (5 minutes).
-/// This is intentionally lenient for initial deployment to accommodate nodes with
-/// misconfigured clocks or high-latency network conditions. Can be tightened (e.g., to 60s)
-/// once the network stabilizes and node clock synchronization improves.
+/// Maximum allowed clock skew for message timestamps.
+/// A decentralized network cannot assume participants have accurate clocks.
+/// Consumer devices commonly drift by minutes (no NTP, suspended laptops, VMs).
+/// Measured 31-42s skew between macOS client and NTP-synced VPS nodes.
 const MAX_MESSAGE_AGE_SECS: u64 = 300;
-/// Maximum allowed future timestamp (30 seconds to account for clock drift)
-const MAX_FUTURE_SECS: u64 = 30;
+/// Maximum allowed future timestamp — symmetric with the past window.
+const MAX_FUTURE_SECS: u64 = 300;
 
 /// Convenience constructor for `P2PError::Network(NetworkError::ProtocolError(...))`.
 fn protocol_error(msg: impl std::fmt::Display) -> P2PError {