fix: normalize SodiumHandler params and padding failures

[gr8man]

This PR fixes bugs and improves the validation and error handling logic of the encrypt and decrypt methods in the SodiumHandler.

Key changes:

• Fixed runtime params handling: blockSize can now be passed without also passing key, while ['key' => null] falls back to the configured instance key.
• Unified Key Validation: Added key length validation (SODIUM_CRYPTO_SECRETBOX_KEYBYTES) to ensure invalid Sodium keys throw EncryptionException instead of native Sodium errors.
• Normalized Padding Errors: Wrapped sodium_unpad() failures so mismatched blockSize during decrypt throws EncryptionException.
• Refactored Params Parsing: Simplified the extraction of $key and $blockSize from the $params array.
• Code Cleanup: Removed redundant inline comments to improve code readability.

[michalsn]

Please rename the new testBug* methods to behavior-focused names. For example, testBug2InvalidKeyLengthThrowsSodiumException() expects EncryptionException, so the current name is misleading.

I also think testBug1MemzeroZeroesInternalKey() and testBug4OriginalDataIsNotZeroed() are questionable as regression tests. Can we either remove them or rewrite them around the actual behavior we want to protect?

[michalsn]

Looks good, thank you. Please add a changelog entry.

For future PRs, please use the PR template when writing the description.