feat: Sprint 1 — production hardening, TLS lifecycle, CI coverage, lint cleanup

- Fix 3 client panics: replace .unwrap()/.expect() with proper error
  handling in rpc.rs (AUTH_CONTEXT lock), repl.rs (pending_member),
  and retry.rs (last_err)
- Add --danger-accept-invalid-certs flag with InsecureServerCertVerifier
  for development TLS bypass, plus mdBook TLS documentation
- Add CI coverage job (cargo-tarpaulin) and Docker build validation
  to GitHub Actions workflow, plus README CI badge
- Add [workspace.lints] config, fix 46 clippy warnings across 8 crates,
  zero warnings on all buildable crates
- Update Dockerfile for all 11 workspace members

crates/quicproquo-core/Cargo.toml

@@ -43,6 +43,9 @@ tokio               = { workspace = true }
 # Error handling
 thiserror           = { workspace = true }
 
+[lints]
+workspace = true
+
 [dev-dependencies]
 tokio               = { workspace = true }
 criterion           = { version = "0.5", features = ["html_reports"] }