[codex] Guard pre-ready MCP notifications

[Atomics-hub]

Summary

• add release-audit smoke coverage proving pre-ready subprocess MCP notifications are dropped before downstream forwarding
• verify lifecycle still completes after the dropped notification
• assert raw pre-ready notification payloads are not returned or logged
• document the pre-ready notification no-passthrough guard in README, architecture, and roadmap

Why

The subprocess MCP proxy already gates request methods before lifecycle readiness. This adds explicit proof that client notifications cannot bypass that lifecycle boundary into the downstream MCP server before initialize and notifications/initialized complete.

Verification

Locally verified during the GitHub Actions billing outage:

• cargo fmt --check
• cargo test release_audit_subprocess_mcp_proxy_pre_ready_notification_smoke_drops_payload -- --nocapture
• cargo test
• cargo clippy --all-targets --all-features -- -D warnings
• cargo run --locked -- release-audit

GitHub Actions is expected to fail before code checkout while the account billing suspension is active, so this PR is intentionally draft/local-verified until Actions recovers.