v0.2.0 — Complete the four half-built planes

Completes the four half-built planes to total CRUD coverage — 26 new MCP tools (144 total), each wearing the PLAN + PROVE trust substrate by construction, built test-first, adversarially redteamed, and live-proven on a real PVE 9.2 node where the operation is a reversible config-object edit.

Added

• Firewall objects (11) — aliases, IP-sets (+entries), security groups, options-set. Scope-aware (cluster/node/guest).
• HA rules (3) — the PVE 9 replacement for the deprecated HA groups; auto-detects the groups→rules migration.
• SDN (10) — zones, VNets, subnets. New objects stay pending until sdn_apply, so create→delete reverts cleanly with no production-network effect.
• TFA admin (2) — tfa_get, tfa_delete. TFA mutation is ticket-gated by PVE (not token-accessible); reads work via token. Enrollment out of scope.

Changed

• pyright scoped to src/ so the default run reflects the shipped package.

2126 tests, 0 skipped, ruff + pyright clean. Full breakdown in CHANGELOG.md.