v1.10.2 - PoW deadlock & reverse-DNS timeout fixes

Patch release. Ships the server-go fixes merged since v1.10.1.

Fixes

• fix(server-go): PoW verification self-deadlock. VerifyPoWSolution held powStore.mu for its full body, then called MarkSolutionUsed/DeleteChallenge, which re-acquire the same non-reentrant mutex — hanging every valid PoW verification. Latent since v1.10.0. Now operates directly on the store under the already-held lock, and is covered by a new regression test. (#7)
• fix(detection): 2s timeout on reverse DNS lookup. net.LookupAddr had no timeout in CheckIPReputation, blocking request handlers 5–30s on residential IPs with unresponsive reverse-DNS servers. Now uses net.DefaultResolver.LookupAddr with a 2s context deadline. (#7)

Changes

• chore(server-go): gate pprof debug server behind FCAPTCHA_PPROF. The pprof listener (added in #7) is now opt-in and off by default; address overridable via FCAPTCHA_PPROF_ADDR (loopback default). (#8)

No API changes. Go server only; embedded version strings synced across package.json, client/fcaptcha.js, and server-python/server.py.