Hi Rob,
Probably the best thing to do is have a look at SqueakSSL. It has a method to lookup OS Provided crypto modules. Marcel is currently supporting it. I wouldn't suggest adding libsodium to it but instead use it as a framework to support the same smalltalk api and then add to it whatever you believe is needed that you don't get from OpenSSL.
Building SqueakLibSodium as a Plugin makes the most sense to me. It would be nice if we could find a good way to find a way to keep both packages in sync but having them as different packages seems much safer. I'm happy to be convinced otherwise.
All the best,
Ron Teitelbaum