Fix stego CLI examples in README with accurate syntax

The stego examples used nonexistent -i flags. Replace with actual
CLI syntax: positional CARRIER argument, -r/--reference for shared
photo, -m/--message for text, -f/--file for file payload. Add
comprehensive examples covering encode, decode, dry-run, DCT mode,
audio stego, credential generation, and channel key management.
Also fix attest examples to match actual CLI commands.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

README.md

@@ -155,17 +155,71 @@ soosef [--data-dir PATH] [--json] COMMAND
 
 ### Steganography commands (`soosef stego`)
 
+Stegasoo uses multi-factor authentication: a **reference photo** (shared image both
+parties have), a **passphrase** (4+ words), and a **PIN** (6-9 digits). All three are
+required to encode or decode. The passphrase and PIN are prompted interactively
+(hidden input) if not provided via options.
+
 ```bash
-soosef stego encode -i cover.png -m "secret message" -o output.png
-soosef stego decode -i output.png
+# Encode a text message into an image
+# CARRIER is the image to hide data in, -r is the shared reference photo
+soosef stego encode cover.png -r shared_photo.jpg -m "Secret message"
+#   Passphrase: ****  (prompted, hidden)
+#   PIN: ****          (prompted, hidden)
+#   -> writes encoded PNG to current directory
+
+# Encode with explicit output path
+soosef stego encode cover.png -r shared_photo.jpg -m "Secret" -o stego_output.png
+
+# Encode a file instead of text
+soosef stego encode cover.png -r shared_photo.jpg -f document.pdf
+
+# Dry run — check capacity without encoding
+soosef stego encode cover.png -r shared_photo.jpg -m "Secret" --dry-run
+
+# Decode a message from a stego image (same reference + passphrase + PIN)
+soosef stego decode stego_output.png -r shared_photo.jpg
+#   Passphrase: ****
+#   PIN: ****
+#   -> prints decoded message or saves decoded file
+
+# Decode and save file payload to specific path
+soosef stego decode stego_output.png -r shared_photo.jpg -o recovered.pdf
+
+# DCT mode for JPEG (survives social media compression)
+soosef stego encode cover.jpg -r shared_photo.jpg -m "Secret" --platform telegram
+
+# Audio steganography
+soosef stego audio-encode audio.wav -r shared_photo.jpg -m "Hidden in audio"
+soosef stego audio-decode stego.wav -r shared_photo.jpg
+
+# Generate credentials
+soosef stego generate                 # Generate passphrase + PIN
+soosef stego generate --pin-length 8  # Longer PIN
+
+# Channel key management
+soosef stego channel status           # Show current channel key
+soosef stego channel generate         # Generate new channel key
+
+# Image info and capacity
+soosef stego info cover.png           # Image details + LSB/DCT capacity
 ```
 
 ### Attestation commands (`soosef attest`)
 
 ```bash
-soosef attest sign -i photo.jpg                  # Sign a file
-soosef attest verify -i photo.jpg                # Verify attestation
+# Attest an image (sign with Ed25519 identity)
+soosef attest IMAGE photo.jpg
+soosef attest IMAGE photo.jpg --caption "Field report" --location "Istanbul"
+
+# Batch attest a directory
 soosef attest batch ./photos/ --caption "Field report"
+
+# Verify an image against the attestation log
+soosef attest verify photo.jpg
+
+# View attestation log
+soosef attest log --limit 20
 ```
 
 ### Fieldkit commands (`soosef fieldkit`)