Attesto.ClusterGuard (Attesto v0.5.0)

Refuse to start a per-node ETS store on a clustered BEAM.

Attesto's engine is pure and stateless, so it is cluster-safe by construction. The state (authorization codes, refresh-token families, seen DPoP jti values, DPoP nonces) lives behind storage behaviours whose contracts mandate atomic operations; a host implements them over a shared store (Postgres, Redis) for a multi-node deployment.

The bundled ETS reference implementations are deliberately single-node: if a second node held its own ETS copy, a captured code, token, or proof would be replayable once per node, silently breaking single-use, reuse detection, and replay rejection. Rather than let that misconfiguration go unnoticed, every ETS store calls assert_single_node!/2 at boot and raises if the BEAM is already clustered, unless the operator has explicitly acknowledged a multi-node deployment by wiring a shared store and setting the per-store :multi_node_acknowledged? option.

Summary

Functions

assert_single_node!(module, bool)

Raise if Node.list/0 is non-empty and the operator has not acknowledged a multi-node deployment.

Functions

assert_single_node!(module, bool)

@spec assert_single_node!(module(), boolean()) :: :ok

Raise if Node.list/0 is non-empty and the operator has not acknowledged a multi-node deployment.

module names the store for the error message; acknowledged? (the second argument, shown as bool in the signature and typed boolean() in the spec) is the store's :multi_node_acknowledged? flag.
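The following is an added example, not Attesto's own code: a hypothetical stand-in for the guard that implements exactly the documented contract (raise when Node.list/0 is non-empty and the flag is false, otherwise return :ok), followed by a hypothetical ETS-backed DPoP nonce store that calls it from init/1 and reads :multi_node_acknowledged? from its start options. The exception type, the message wording, the MyApp.* module names, and the store's consume_nonce/1 API are assumptions.

```elixir
# Added example (not Attesto's code). MyApp.ClusterGuard mirrors the documented
# behaviour of Attesto.ClusterGuard.assert_single_node!/2; exception type and
# message text are assumptions.
defmodule MyApp.ClusterGuard do
  @moduledoc "Hypothetical stand-in for Attesto.ClusterGuard with the same contract."

  @spec assert_single_node!(module(), boolean()) :: :ok
  def assert_single_node!(module, acknowledged?)
      when is_atom(module) and is_boolean(acknowledged?) do
    case Node.list() do
      # Not clustered: this node's ETS table is the only copy, so single-use holds.
      [] ->
        :ok

      # Clustered, but the operator explicitly acknowledged a multi-node deployment
      # (i.e. asserts that the real store behind `module` is shared, not this ETS copy).
      _peers when acknowledged? ->
        :ok

      # Clustered and unacknowledged: refuse to boot rather than run a replayable store.
      peers ->
        raise RuntimeError, """
        #{inspect(module)} is a single-node ETS store, but this BEAM is clustered
        with #{inspect(peers)}. A second node holding its own ETS copy would let a
        captured code, refresh token or DPoP proof be accepted once per node.
        Back the store with a shared database and pass
        `multi_node_acknowledged?: true` to #{inspect(module)} to acknowledge this.
        """
    end
  end
end

# Hypothetical ETS-backed nonce store showing where the guard runs (in init/1).
defmodule MyApp.DpopNonceStore do
  use GenServer

  def start_link(opts \\ []) do
    GenServer.start_link(__MODULE__, opts, name: __MODULE__)
  end

  @impl true
  def init(opts) do
    acknowledged? = Keyword.get(opts, :multi_node_acknowledged?, false)
    # Runs once per process start. On a clustered, unacknowledged BEAM the process
    # crashes here and the supervisor surfaces the error at boot.
    :ok = MyApp.ClusterGuard.assert_single_node!(__MODULE__, acknowledged?)
    table = :ets.new(__MODULE__, [:named_table, :set, :public, read_concurrency: true])
    {:ok, table}
  end

  # Single-use check: :ets.insert_new/2 is atomic within this node, so a nonce is
  # accepted exactly once here. A second node with its own table would accept it
  # again, which is the replay the boot-time guard exists to prevent.
  def consume_nonce(nonce) when is_binary(nonce) do
    if :ets.insert_new(__MODULE__, {nonce, System.monotonic_time()}),
      do: :ok,
      else: {:error, :replayed}
  end
end

# Usage in a supervision tree (constructed):
#   children = [{MyApp.DpopNonceStore, []}]                              # single node
#   children = [{MyApp.DpopNonceStore, multi_node_acknowledged?: true}]  # only after wiring a shared store
```

The check in this example runs only in init/1, so it catches a BEAM that is already clustered when the store starts; a node that joins the cluster afterwards is not re-checked by this code. Setting multi_node_acknowledged?: true does not make the ETS table shared, it only silences the guard, so it belongs in configuration only once the store has actually been reimplemented over Postgres or Redis as the page describes.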