test(fuzz): capability flags fuzz target (FCV-10 #2428)#4475

Merged
oferchen merged 1 commit into master from test/fuzz-capability-flags
May 18, 2026
@oferchen
Owner

Per FCV-3 audit (PR #4407) pre-auth gap recommendation: fuzz the capability-string parser.

Summary

  • Adds fuzz/fuzz_targets/capability_flags.rs covering the pre-auth capability-flag parser surface in protocol.
  • A selector byte dispatches across the byte- and string-based entry points so libFuzzer can independently explore each parser.
  • Wired entry points:
    • CompatibilityFlags::read_from (varint reader off the wire)
    • CompatibilityFlags::decode_from_slice / decode_from_slice_mut (slice + cursor variants)
    • KnownCompatibilityFlag::from_str (canonical CF_* identifier parser)
    • detect_negotiation_prologue (pre-handshake byte sniff)
    • NegotiationPrologue::from_str (identifier parser)
  • Round-trips arbitrary CompatibilityFlags bit patterns through encode_to_vec + decode_from_slice so encoder/decoder divergence surfaces as a panic.
  • Registers the new [[bin]] in fuzz/Cargo.toml and seeds the corpus at fuzz/corpus/capability_flags/seed_basic with the upstream rsync capability string LsfxCIvu.

negotiate_capabilities itself drives the full I/O exchange and is not a pure parser; its byte-level parser surface is reached through the CompatibilityFlags decoders covered here.

Test plan

  • cargo +nightly fuzz run capability_flags -- -max_total_time=60
  • CI fmt + clippy + nextest matrix

@github-actions github-actions Bot added the test label May 18, 2026
@oferchen oferchen merged commit 537802a into master May 18, 2026
3 checks passed
@oferchen oferchen deleted the test/fuzz-capability-flags branch May 18, 2026 05:22
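
The selector-byte dispatch and the encode/decode round trip described in the PR summary, as an added Rust example that is not the project's fuzz target. `Flags`, `encode`, `decode`, `parse_name`, `fuzz_one` and the `CF_EXAMPLE_*` names are hypothetical, and LEB128 stands in for the real varint format.

```rust
// Added illustration: toy stand-ins, not the project's types or wire format.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Flags(pub u32);
// LEB128 stands in for the real varint encoding (assumption).
pub fn encode(f: Flags) -> Vec<u8> {
    let (mut v, mut out) = (f.0, Vec::new());
    loop {
        let b = (v & 0x7f) as u8;
        v >>= 7;
        if v == 0 { out.push(b); return out; }
        out.push(b | 0x80);
    }
}

// Returns (flags, bytes consumed); truncation and overflow are errors, never panics.
pub fn decode(buf: &[u8]) -> Result<(Flags, usize), &'static str> {
    let mut v: u32 = 0;
    for (i, &b) in buf.iter().enumerate() {
        if i == 5 { return Err("too long"); }
        let chunk = (b & 0x7f) as u32;
        if i == 4 && chunk > 0x0f { return Err("overflow"); }
        v |= chunk << (7 * i);
        if b & 0x80 == 0 { return Ok((Flags(v), i + 1)); }
    }
    Err("truncated")
}
// Hypothetical identifier table; only the CF_ prefix comes from the PR text.
const NAMES: [(&str, u32); 2] = [("CF_EXAMPLE_A", 1), ("CF_EXAMPLE_B", 2)];
pub fn parse_name(s: &str) -> Option<Flags> {
    NAMES.iter().find(|(n, _)| *n == s).map(|&(_, bit)| Flags(bit))
}

// Harness body: the first input byte selects which entry point gets the rest.
pub fn fuzz_one(data: &[u8]) {
    let Some((&selector, rest)) = data.split_first() else { return };
    match selector % 3 {
        0 => { if let Ok((_, used)) = decode(rest) { assert!(used <= rest.len()); } }
        1 => { if let Ok(s) = std::str::from_utf8(rest) { let _ = parse_name(s); } }
        _ => {
            // Round trip: any 32-bit pattern must survive encode -> decode.
            let mut raw = [0u8; 4];
            for (d, s) in raw.iter_mut().zip(rest) { *d = *s; }
            let flags = Flags(u32::from_le_bytes(raw));
            let wire = encode(flags);
            assert_eq!(decode(&wire), Ok((flags, wire.len())));
        }
    }
}
fn main() { fuzz_one(&[2, 0xff, 0xff, 0xff, 0xff]); } // constructed input
```

In a cargo-fuzz target, `fuzz_one` would be the body passed to `fuzz_target!(|data: &[u8]| ...)`, so a decoder panic or a round-trip mismatch is reported as a crash.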