feat(console): bounded ring buffer for FC stderr capture (#4)

When the Firecracker subprocess emits a guest kernel panic or init
failure, today's `Stdio::null()` for stderr leaves operators with no
diagnostic. This adds a self-contained `console` module (gated on the
`firecracker` feature) with a bounded ring-buffer capture:

- `ConsoleCapture::attach(stderr, config)` spawns a drainer thread
  that reads `ChildStderr` line-by-line into a `VecDeque<String>`
  behind a `Mutex`. Lock scope is push + evict only; no I/O under
  lock.
- Lines longer than `max_line_bytes` are truncated on a UTF-8 char
  boundary and suffixed with `…[truncated]`.
- `tail()` returns a chronologically-ordered snapshot; cheap clone
  under the lock.
- `shutdown()` flips an `AtomicBool` and best-effort joins with a
  200ms budget; on timeout the thread is leaked (preferable to a
  hung Drop). Idempotent. `Drop` calls it.
- Mutex poisoning recovers via `into_inner()` so a panicking holder
  doesn't strand the captured diagnostic.

No new external deps; pure `std::sync`/`std::thread`. The Firecracker
adapter is intentionally untouched — wiring is a follow-up.

Tests cover chronological order, eviction at capacity, UTF-8 safe
truncation, CRLF stripping, empty-line retention, post-EOF
persistence, idempotent shutdown, bounded-time Drop while the
drainer is mid-read, `max_lines=0` drain-without-store, and tail
recovery after deliberate mutex poisoning.

Co-authored-by: Drew Stone <drewstone329@gmail.com>

Author: tangletools