feat: zero-copy full-tunnel mux + base64 off mux thread

[dazzling-no-more]

Summary

Performance refactor of the full-tunnel mode hot data path. Two headline wins, both internal — wire protocol unchanged, no config or behavior changes.

1. Zero-copy reads via Bytes/BytesMut

tunnel_loop and the SOCKS5 UDP receive loop drop their per-iteration Vec::to_vec() copies. MuxMsg::{ConnectData,Data,UdpOpen,UdpData} now carry Bytes instead of Vec<u8>/Arc<Vec<u8>>; the Arc::try_unwrap dance for pending_client_data is gone (Bytes is already Arc-backed).

The TCP path is threshold-based to avoid a memory regression we identified in review:

• n ≥ 32 KB (half-buffer streaming): BytesMut::split().freeze() — saves the 64 KB memcpy on hot downloads.
• n < 32 KB (TLS records, HTTP/2 frames, idle keepalive): Bytes::copy_from_slice + buf.clear() — payload-sized retention, buffer reused. Without this split, bytes 1.x's whole-allocation refcount would pin a full 64 KB per queued tiny read under semaphore stall (worst case ~96 MB on a backpressured tunnel).

The UDP path takes the same lesson but applied earlier: a fixed Vec<u8> recv buffer + Bytes::copy_from_slice only after the 9 KB size guard. We tried recv_buf_from + split first; it pinned the full ~65 KB datagram allocation behind every queued DNS reply.

2. Base64 encoding moved off the single mux thread

A new internal PendingOp { data: Option<Bytes>, encode_empty: bool } flows through mux_loop with raw bytes. The actual B64.encode(...) happens in fire_batch's spawned task, after the per-deployment semaphore permit. Up to ~3 MB of encoding per batch (50 ops × 64 KB) no longer serializes the single mux task.

3. Code quality (drive-bys)

• New BatchAccum::push_or_fire collapses four near-identical match arms (~25 lines each) into ~10 lines each.
• should_fire(pending_len, payload_bytes, op_bytes) predicate extracted from the inline cap check, with saturating_add so the helper's contract is self-contained instead of relying on caller-side bounds.
• encode_pending(p) -> BatchOp extracted as a free function so the encoding contract — non-empty data → encoded, empty connect_data → Some(""), anything else empty → None — is directly testable.

Public API change

TunnelMux::udp_open and udp_data now take data: impl Into<Bytes> instead of Vec<u8>. Existing callers passing Vec<u8>, &'static [u8], Bytes, or BytesMut all keep compiling; no boundary change for in-tree consumers.

Test plan

• cargo build --bins --lib clean
• cargo test --lib passes — 208/208 (was 200, +8 new tests)
  • encode_pending_* × 4: non-empty data → base64; empty Data/UdpData/Close → d omitted; empty connect_data → d: ""; non-empty connect_data → encoded
  • should_fire_* × 3: first-op-never-fires; MAX_BATCH_OPS boundary; payload-cap boundary
  • batch_accum_reindexes_after_flush: post-flush reply indices restart at 0 (regression test for fire_batch's batch_resp.r.get(idx) lookup)