Fix security and reliability issues identified in AI code review

[Copilot]

This PR addresses 8 critical security and reliability issues identified in the AI code review feedback, implementing minimal surgical fixes to improve the robustness of GABS without breaking existing functionality.

Key Security Improvements

Port Selection Vulnerability: Fixed randomInt() in bridgecfg.go that could generate negative port numbers due to improper handling of signed integers from raw bytes. The function now ensures non-negative values using proper bit masking and includes fallback error handling.

Process Termination Safety: Tightened process name matching in process/controller.go to prevent accidental termination of unrelated processes. Changed from substring matching to exact basename/path matching, addressing the risk of killing unintended processes on Linux/macOS systems.

Reliability & Configuration Fixes

Deterministic Backoff Issue: Fixed non-seeded random number generator in gabp/client.go that caused identical retry patterns across multiple GABS instances. Now properly seeds with nanosecond precision to ensure genuine randomization.

Version Accuracy: Replaced hard-coded "1.0.0" bridge version with actual runtime version using version.Get(), ensuring proper version reporting in GABP handshakes and eliminating potential compatibility issues.

Error Handling: Enhanced JSON marshaling error propagation in mirror.go resource handlers, replacing silent failures with proper error returns and structured error responses.

Data Serialization: Improved tool result handling by serializing non-text results as proper JSON instead of Go's %v string representation, ensuring consistent data format for AI agents.

Validation & Safety

Configuration Safety: Validated that GetGame() copy semantics are correct and safe, preventing accidental configuration mutations while maintaining expected behavior patterns. Added comprehensive test coverage to document this behavior.

Range Validation: Confirmed existing backoff parser already includes proper range validation to prevent invalid duration windows like "5s..100ms".

Example of Fixes

Before (vulnerable):

func randomInt() int {
    bytes := make([]byte, 4)
    rand.Read(bytes)
    return int(bytes[0])<<24 | ... // Could be negative
}

After (secure):

func randomInt() int {
    bytes := make([]byte, 4)
    if _, err := rand.Read(bytes); err != nil {
        return int(time.Now().UnixNano() & 0x7FFFFFFF) // Fallback
    }
    result := int(bytes[0])<<24 | int(bytes[1])<<16 | int(bytes[2])<<8 | int(bytes[3])
    return result & 0x7FFFFFFF // Ensure non-negative
}

All changes maintain backward compatibility while significantly improving security posture and operational reliability. Full test suite passes with 100% success rate.

Fixes #43.

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.