feat: Sprint 1 — production hardening, TLS lifecycle, CI coverage, lint cleanup

- Fix 3 client panics: replace .unwrap()/.expect() with proper error
  handling in rpc.rs (AUTH_CONTEXT lock), repl.rs (pending_member),
  and retry.rs (last_err)
- Add --danger-accept-invalid-certs flag with InsecureServerCertVerifier
  for development TLS bypass, plus mdBook TLS documentation
- Add CI coverage job (cargo-tarpaulin) and Docker build validation
  to GitHub Actions workflow, plus README CI badge
- Add [workspace.lints] config, fix 46 clippy warnings across 8 crates,
  zero warnings on all buildable crates
- Update Dockerfile for all 11 workspace members

crates/quicproquo-client/src/lib.rs

@@ -15,6 +15,7 @@
 //! docs for details.
 
 use std::sync::RwLock;
+use std::sync::atomic::{AtomicBool, Ordering};
 
 pub mod client;
 
@@ -26,11 +27,23 @@ pub use client::commands::{
 };
 
 pub use client::repl::run_repl;
-pub use client::rpc::{connect_node, create_channel, enqueue, fetch_wait, resolve_user};
+pub use client::rpc::{connect_node, connect_node_opt, create_channel, enqueue, fetch_wait, resolve_user};
 
 // Global auth context — RwLock so the REPL can set it after OPAQUE login.
 pub(crate) static AUTH_CONTEXT: RwLock<Option<ClientAuth>> = RwLock::new(None);
 
+/// When `true`, [`connect_node`] skips TLS certificate verification.
+/// Set via [`set_insecure_skip_verify`]; read by the RPC layer.
+pub(crate) static INSECURE_SKIP_VERIFY: AtomicBool = AtomicBool::new(false);
+
+/// Enable or disable insecure (no-verify) TLS mode globally.
+///
+/// **Development only.** When enabled, all outgoing connections skip certificate
+/// verification, making them vulnerable to MITM attacks.
+pub fn set_insecure_skip_verify(enabled: bool) {
+    INSECURE_SKIP_VERIFY.store(enabled, Ordering::Relaxed);
+}
+
 #[derive(Clone, Debug)]
 pub struct ClientAuth {
     pub(crate) version: u16,