refactor: stabilize SSH runtime and add exec interface

[m1ngsama]

Summary

This PR moves TNT closer to a real Unix-style SSH utility by fixing the connection model, removing the most dangerous blocking paths, and adding a scriptable exec interface.

What changed

• moved SSH handshake/auth/channel setup out of the main accept loop into detached bootstrap workers
• replaced room-wide synchronous fan-out with room update sequencing and per-client refresh
• switched the interactive read loop to ssh_channel_poll_timeout() plus blocking reads so idle sessions do not get dropped incorrectly
• added SSH exec commands: help, health, users, stats --json, tail, and post
• added PTY window-change handling so interactive sessions react to terminal resize
• made state directory handling explicit and auto-created for -d/--state-dir and TNT_STATE_DIR
• aligned room capacity with TNT_MAX_CONNECTIONS
• split per-IP concurrency from per-IP connection-rate control:
  • TNT_MAX_CONN_PER_IP now means concurrent sessions per IP
  • TNT_MAX_CONN_RATE_PER_IP controls new connections per IP per 60 seconds
• hardened log loading with stricter UTF-8 and UTC timestamp parsing
• added exec-mode regression coverage, added connection-limit regression coverage, and fixed the stress harness so it exercises concurrency instead of tripping rate limiting

Validation

Tested on oss:

• tests/test_basic.sh
• tests/test_anonymous_access.sh
• tests/test_security_features.sh
• tests/test_exec_mode.sh
• tests/test_connection_limits.sh
• tests/test_stress.sh 20 10

Live service verification on oss after deploy:

• ssh -p 2222 localhost health -> ok
• ssh -p 2222 chat.m1ng.space stats --json
• /etc/default/tnt updated with TNT_MAX_CONN_RATE_PER_IP=60

Closes #13