Deep audit implementation: kernel hardening + deterministic validation#1

Merged
jack-chaudier merged 4 commits into main from codex/deep-audit-expansion on Feb 15, 2026
@jack-chaudier
Owner

Summary

This PR implements the deep-audit execution plan in two milestones:

  1. Kernel hardening and correctness fixes (M1-M3)
  • Added centralized user-pointer access validation (uaccess) and wired syscall paths to use it.
  • Hardened IPC endpoint lifecycle (two-phase destroy, refcounted free) and wait object lifetime.
  • Implemented channel-based wakeups with global thread tracking.
  • Improved process lifecycle cleanup and zombie reaping behavior.
  • Fixed kthread arg trampoline behavior.
  • Fixed VMM unmap accounting and clone failure rollback paths.
  • Fixed slab/page free-path classification for large allocations.
  • Wired page fault handling into IDT exception path and updated current address space tracking.
  2. Validation + docs + CI (M7)
  • Added deterministic QEMU smoke/stress scripts.
  • Added make smoke, make stress, and make check targets.
  • Added CI workflow to build and run smoke checks.
  • Added architecture and audit docs (docs/ARCH_V2.md, docs/AUDIT_2026-02.md) and refreshed status/workflow docs.

Validation

Ran locally on this branch:

  • make clean && make all-user -j4
  • make smoke
  • make stress ITERATIONS=3
  • make check

All commands passed.

Notes

  • Existing worktree-local AGENTS.md remains untracked and is intentionally not part of this PR.
  • Some pre-existing warnings remain outside this PR scope (largely in simulated userspace components and existing syscall-table cast patterns).
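
The centralized user-pointer validation listed under M1-M3, sketched as an added example (not code from this PR or the project). The address-range constants, `access_ok`, `copy_from_user`, `sys_write_demo` and the simulated user page are hypothetical names and values, chosen so the check runs as an ordinary hosted C program.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed (hypothetical, not from the PR): lower canonical half, page 0 unmapped. */
#define USER_MIN 0x0000000000001000ULL
#define USER_MAX 0x0000800000000000ULL /* exclusive */

/* True when [addr, addr + len) lies entirely inside the user range. */
static bool access_ok(uint64_t addr, size_t len)
{
    if (addr < USER_MIN || addr >= USER_MAX)
        return false;
    /* Subtraction form: addr + len could wrap and pass a naive compare. */
    return (uint64_t)len <= USER_MAX - addr;
}

/* Constructed stand-in for one mapped user page, so the demo runs hosted. */
#define SIM_BASE 0x0000000000400000ULL
static uint8_t sim_page[4096];

/* The single choke point: every syscall path copies through here.
 * The second check stands in for page tables or fault fixup in a kernel. */
static int copy_from_user(void *dst, uint64_t src, size_t len)
{
    if (!access_ok(src, len))
        return -1;
    if (src < SIM_BASE || len > sizeof sim_page || src - SIM_BASE > sizeof sim_page - len)
        return -1;
    memcpy(dst, sim_page + (src - SIM_BASE), len);
    return 0;
}

/* Hypothetical handler: bounds the length, then copies via the helper. */
static long sys_write_demo(uint64_t ubuf, size_t len)
{
    uint8_t kbuf[64];
    if (len > sizeof kbuf)
        return -2;
    return copy_from_user(kbuf, ubuf, len) == 0 ? (long)len : -1;
}

int main(void)
{
    printf("valid=%ld kernel_ptr=%ld wrap_ok=%d\n", sys_write_demo(SIM_BASE, 16),
           sys_write_demo(0xffffffff80000000ULL, 16), access_ok(SIM_BASE, SIZE_MAX));
    return 0;
}
```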

@jack-chaudier
Owner Author

Fixed the smoke CI failure from missing ISO prerequisites.

What changed:

  • CI now runs before build so Limine boot files are present.
  • ISO rule now fails fast if Limine files or are missing, and verifies that is actually created.

This prevents false-success ISO steps that later fail in QEMU with .

Validation run locally:

  • Running QEMU smoke checks...
    Smoke check passed: build/qemu-smoke.log
  • Running QEMU smoke checks...
    Smoke check passed: build/qemu-smoke.log
    Validation check passed
    Both pass.

@jack-chaudier
Owner Author

Follow-up with clean formatting:

Fixed the smoke CI failure from missing ISO prerequisites.

What changed:

  • CI now runs make limine before build so Limine boot files are present.
  • ISO rule now fails fast if Limine files or xorriso are missing, and verifies that ocean.iso is actually created.

This prevents false-success ISO steps that later fail in QEMU with missing ocean.iso.

Validation run locally:

  • make smoke
  • make check
    Both pass.

@jack-chaudier jack-chaudier marked this pull request as ready for review February 15, 2026 15:05
@jack-chaudier jack-chaudier merged commit 741b958 into main Feb 15, 2026
2 checks passed
@jack-chaudier jack-chaudier deleted the codex/deep-audit-expansion branch February 15, 2026 15:05