Open
Description
Problem
PR #109 introduced a dual-state membership model where members with valid invitations may not be in the active members list (they get pruned by post_apply_cleanup if they have no recent messages).
When a member is pruned from the active list but still has a valid invitation:
- They won't receive rotated secrets during a secret rotation
- When they rejoin (send first message), they might not be able to decrypt messages encrypted with the rotated secret
Steps to Reproduce (Theoretical)
1. User accepts invite to a private room
2. User gets pruned from active members list (no recent messages)
3. Room owner rotates the room secret
4. User sends their first message (re-added to active list)
5. User may not be able to decrypt messages encrypted with the new secret
Expected Behavior
Members with valid invitations should either:
- Not be pruned if they have encrypted secrets, OR
- Receive the rotated secret when they rejoin
Suggested Test
User accepts invite → gets pruned → owner rotates secret → user sends message → verify decryption works
Context
Found during architectural review of PR #109. The build_rejoin_delta logic handles re-adding members, but secret distribution during rotation may not account for pruned-but-authorized members.
[AI-assisted - Claude]
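The reproduction steps above as a runnable model, added here as an illustration and not code from the project or PR #109. `Room`, `Policy` and the method names are hypothetical, and the model assumes rotation wraps the new secret only for members on the active list; it compares that behaviour with the two options listed under Expected Behavior.

```rust
use std::collections::BTreeSet;
// Hypothetical toy model: "wrapping" only records (member, version); no real crypto.
#[derive(Clone, Copy, Debug, PartialEq)]
enum Policy { PruneAll, KeepSecretHolders, DeliverOnRejoin }
struct Room {
    policy: Policy,
    invited: BTreeSet<&'static str>,        // members holding a valid invitation
    active: BTreeSet<&'static str>,         // members with recent messages
    version: u32,                           // current room-secret version
    wrapped: BTreeSet<(&'static str, u32)>, // (member, secret version) deliveries
}

impl Room {
    fn accept_invite(&mut self, m: &'static str) {
        self.invited.insert(m);
        self.active.insert(m);
        self.wrapped.insert((m, self.version));
    }
    // Stand-in for post_apply_cleanup: drop members without recent messages.
    fn prune(&mut self, recent: &[&'static str]) {
        let (keep, v, w) = (self.policy == Policy::KeepSecretHolders, self.version, &self.wrapped);
        self.active.retain(|m| recent.contains(m) || (keep && w.contains(&(*m, v))));
    }
    fn rotate(&mut self) {
        self.version += 1;
        for m in &self.active { self.wrapped.insert((*m, self.version)); }
    }
    // Stand-in for the rejoin path: a first message re-adds an invited member.
    fn send_message(&mut self, m: &'static str) {
        let rejoined = self.invited.contains(&m) && self.active.insert(m);
        if rejoined && self.policy == Policy::DeliverOnRejoin { self.wrapped.insert((m, self.version)); }
    }
    fn can_decrypt(&self, m: &'static str) -> bool { self.wrapped.contains(&(m, self.version)) }
}

fn scenario(policy: Policy) -> bool {
    let (invited, active, wrapped) = (BTreeSet::new(), BTreeSet::new(), BTreeSet::new());
    let mut room = Room { policy, invited, active, version: 0, wrapped };
    for m in ["owner", "bob"] { room.accept_invite(m); } // user accepts invite
    room.prune(&["owner"]);   // cleanup runs; bob has no recent messages
    room.rotate();            // owner rotates the room secret
    room.send_message("bob"); // first message re-adds bob if he was pruned
    room.can_decrypt("bob")   // does bob hold the current secret version?
}

fn main() {
    for p in [Policy::PruneAll, Policy::KeepSecretHolders, Policy::DeliverOnRejoin] {
        println!("{:?}: pruned member can decrypt = {}", p, scenario(p));
    }
}
```

The same five calls in `scenario` map directly onto the suggested test, with `can_decrypt` as the final assertion.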