v0.29.2

Availability detection now correctly identifies unregistered domains across far more registries, and RDAP rate‑limiting no longer breaks lookups.

Fixes

• RDAP 404 is authoritative "available" — fixes registries that block port‑43 WHOIS but publish RDAP (e.g. SWITCH .ch). The 404 signal is shared via crate::rdap::rdap_error_is_404.
• DNS NXDOMAIN safety net — when RDAP fails for a non‑404 reason (429, bootstrap miss) and WHOIS is thin/blocked, an apex with no DNS presence is reported as likely‑available (method: dns_nxdomain, medium confidence). Applied in both avail (probes WHOIS + DNS concurrently) and smart lookup.
• Broader WHOIS "not found" matching — whitespace‑normalized so tab‑delimited Status:\tAVAILABLE (.be) matches, plus hkirc "has not been registered" (.hk/.香港) and audited ccTLD phrasings: KazNIC .kz/.қаз, TWNIC .tw, CONAC .政务/.公益, .ls, .africa, and a generic "object not found".
• Bounded RDAP 429 backoff + Retry‑After — a real rate limit (e.g. the shared Identity Digital RDAP host hit by a bulk sweep) now backs off and clears, honoring Retry-After but capped (5s, 3 attempts) so a sticky limit falls through to the WHOIS/DNS fallback fast instead of hanging.

Registered domains are never flipped to available (the RDAP‑200 veto and concrete‑WHOIS‑data checks are preserved). A cross‑TLD audit confirmed the RDAP‑404 + DNS‑net combo generalizes across the whole TLD space.

Full diff: #15