fix(wsclient): surface dominant failure mode in fallback bail message

[sanity]

Problem

`get_state_with_legacy_fallback` swallows each probe's actual error into a `tracing::debug!` (silent in release) and bails with the generic `"no state found at current contract key or any of N legacy keys"` regardless of cause. This misrepresents transient gateway slowdowns (every probe times out at 180s) as permanent data loss — operators reading the freenet-stdlib mirror's 2026-05-14 Matrix alerts saw the misleading message and burned investigation time before realizing the contract still existed and the GETs were just timing out during peer-routing discovery.

#52 (Ian's recent NotFound handling in `get_state` + `update_state`) addressed the wire-level "NotFound looks like empty state" angle, but the fallback-level error message is still generic. After the gateway-side root cause fix in freenet/freenet-core#4133, this diagnostic safety net catches any future failure mode of similar shape.

Solution

Add `ProbeOutcome` classification (`Empty` / `NotFound` / `Timeout` / `OtherError`) and aggregate per-probe outcomes. The final bail message distinguishes:

• All timeouts → `"GET timed out on all N probe(s) after Xs each; gateway or peer routing may be unhealthy"` — clear transient signal.
• All NotFound / empty → original-style `"no state found"` message preserved for the genuine data-loss case.
• Mixed → per-probe summary so the operator sees exactly what each probe returned.

Classification reads `get_state`'s `bail!` message strings; pinned by `probe_outcome_classifies_get_state_errors` so a future change to those strings without updating this matcher trips the test rather than silently degrading the diagnostic.

No behavior change for success paths or legacy-migration semantics.

Testing

Four new unit tests in `wsclient::tests`:

• `probe_outcome_classifies_get_state_errors` (pin guard)
• `format_fallback_failure_all_timeouts_says_timed_out` (regression for the freenet-stdlib mirror false-alarm case)
• `format_fallback_failure_all_not_found_says_no_state` (preserves legitimate not-found message)
• `format_fallback_failure_mixed_surfaces_per_probe_detail` (per-probe summary)

All 65 freenet-git tests pass. fmt + clippy clean.

Release

Version bump `0.1.21 → 0.1.22` on top of `f91b516` (NotFound in `update_state`) which landed after the `release: 0.1.21` commit but before publish. Tag + `cargo publish` after merge.

[AI-assisted - Claude]

[sanity]

Multi-model review (skeptical) raised one medium-severity concern:

M1 (resolved in 31fa2e2): The string-match classifier could silently regress if `get_state`'s `bail!` messages were edited without updating `from_get_state_err`. The test re-asserted the literal strings rather than driving through the actual production sites, so a drift would leave both classifier and test passing while production regressed to the generic 'mixed outcomes' message.

Fix: extracted `GET_TIMEOUT_PREFIX` and `GET_NOT_FOUND_SUFFIX` as `const`s used at both the `bail!` sites in `get_state` and the classifier in `from_get_state_err`. The test now builds error strings using the same `const`s — so a future edit to either bail message must also update the `const`, and the classifier picks up the new prefix automatically.

Other findings deferred:

• M2 (NotFound substring matches UPDATE's bail too) — `get_state` is the only caller today; if anyone wires UPDATE into a fallback path later, this would need a more specific match. Acceptable for now.
• L1 (no distinct Transport variant) — `OtherError` carries the underlying message in mixed-outcomes detail; sufficient until WS-disconnect becomes a common enough failure mode to warrant its own bucket.
• L2 (empty-state semantics) — preserved existing migration-fallback behavior; no change needed.

[AI-assisted - Claude]

[sanity]

Codex review found two P3 issues, both fixed in d7e9d27:

• P3 Wire up WS API publish in freenet-git create #1 (resolved): all-timeout message hardcoded "push aborted" wording. Misleading when called from non-push paths (`rescue`, `fetch_repo_state`). Reworded to "operation aborted, state on the network is unknown".
• P3 Implement git-remote-freenet helper binary #2 (resolved): all-OtherError outcomes (e.g. WebSocket closed → every `send GET` fails the same way) were falling into the mixed-outcomes branch even though the failures are uniform — contradicting the dominant-outcome contract. Added a dedicated transport-error branch that surfaces the first underlying error verbatim.

`format_fallback_failure_all_transport_errors_says_transport` test added to pin the new branch.

All 31 wsclient tests pass.

[AI-assisted - Claude]