huddle 1.3.3 — hardening follow-up
A small fixes release on top of 1.3.2, from a multi-agent audit of the 1.3.2 changes. No wire-format change — fully compatible with 1.3.x and pre-1.3 peers.
Fixes
- Closed a dial-amplification regression. 1.3.2 capped the opportunistic host-address dial map, but once the cap was reached it still dialed without recording the attempt — so the per-announcer backoff stopped engaging and a flood of bogus room announcements could be turned into repeated outbound dials to an attacker-chosen address. The dial is now refused when the backoff can't be recorded, so both memory and dials stay bounded.
- SAS verification can't be starved by one peer. The in-memory SAS-handshake map now has a per-partner sub-cap in addition to the global cap, so a single peer can no longer fill it and block everyone else's verification.
- Slow SAS comparisons no longer time out mid-handshake. The SAS flow TTL is now anchored to code-visible time (and raised to 15 min), so reading the emoji/decimal codes aloud at a relaxed pace won't drop the handshake.
- Tighter relay pre-auth bound. The pre-WebSocket phase (peek + accept) now shares one timeout instead of two.
- Cleanup. Removed a dead branch in the GUI close path left by the 1.3.2 refactor (no behavior change).
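The dial-amplification fix in the first item can be modelled as follows. This is an added example, not huddle's own code: `DialGate`, `try_dial`, `flood`, the map keyed by announcer id, the eviction of expired entries, and the cap and backoff values are all assumptions made for illustration.

```rust
use std::collections::HashMap;

/// Hypothetical model of a capped per-announcer dial backoff (not huddle's code).
pub struct DialGate {
    cap: usize,                    // max tracked announcers, bounds memory
    backoff_secs: u64,             // constructed value
    next_ok: HashMap<String, u64>, // announcer id -> earliest time of next dial
    refuse_when_full: bool,        // false = 1.3.2 behaviour, true = 1.3.3 behaviour
}

impl DialGate {
    pub fn new(cap: usize, backoff_secs: u64, refuse_when_full: bool) -> Self {
        Self { cap, backoff_secs, next_ok: HashMap::new(), refuse_when_full }
    }

    /// Returns true if an outbound dial may be made for this announcement.
    pub fn try_dial(&mut self, announcer: &str, now: u64) -> bool {
        if matches!(self.next_ok.get(announcer), Some(t) if now < *t) {
            return false; // backoff still active for this announcer
        }
        if !self.next_ok.contains_key(announcer) && self.next_ok.len() >= self.cap {
            // Reclaim slots whose backoff has expired before deciding.
            self.next_ok.retain(|_, t| *t > now);
            if self.next_ok.len() >= self.cap {
                // Map is full, so this attempt cannot be recorded.
                // 1.3.2 dialed anyway (no backoff engages); 1.3.3 refuses.
                return !self.refuse_when_full;
            }
        }
        self.next_ok.insert(announcer.to_string(), now + self.backoff_secs);
        true
    }
}

/// Constructed flood: `n` announcements from 16 rotating bogus announcer ids,
/// all inside one backoff window. Returns (dials made, map entries).
pub fn flood(refuse_when_full: bool, n: usize) -> (usize, usize) {
    let mut gate = DialGate::new(8, 60, refuse_when_full);
    let dials = (0..n)
        .filter(|i| gate.try_dial(&format!("bogus-{}", i % 16), 0))
        .count();
    (dials, gate.next_ok.len())
}

fn main() {
    println!("1.3.2-style (dials, entries): {:?}", flood(false, 1000));
    println!("1.3.3-style (dials, entries): {:?}", flood(true, 1000));
}
```

In both modes the map stays at the cap, but only the refusing mode also keeps the number of dials bounded by it.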
All findings came from an adversarial multi-agent review; each fix was independently re-verified before release. Build, clippy, and the full test suite (136 lib + integration) are green.