feat: add unhook() API with full restore and trampoline cleanup #2

Closed
Copilot wants to merge 3 commits into main from copilot/review-unhook-code-implementation

Copilot AI commented Feb 11, 2026

Review and implement the unhook code from codex/unhook-smoke-ci branch, with fixes identified during review.

New public API

  • unhook(address) -> Result<(), SigHookError> — restores original bytes for hooks created by instrument, instrument_no_original, or inline_hook. Frees trampoline pages and cleans up all internal state.
  • SigHookError::HookNotFound — returned when unhooking an address with no active hook.

let _ = instrument(addr, callback)?;
// ... hook is active ...
unhook(addr)?;
// original instruction restored

Internal changes

  • state.rs: Add InlinePatchSlot array to store full original bytes for inline_hook patches (needed for restore). Add remove_slot, remove_inline_patch, remove_cached_original_opcode cleanup helpers.
  • trampoline.rs: Add free_original_trampoline to munmap trampoline pages on unhook.
  • inline_hook refactored: Now reads and caches original bytes before patching, enabling byte-exact restore. Includes rollback if patching fails.
  • instrument_internal x86_64 improved: Pads full decoded instruction with int3 + NOP (was: single int3 byte). Derives original_opcode from original_bytes directly instead of a redundant 4-byte read.
  • memory.rs: read_bytes ungated from x86_64-only (aarch64 inline_hook now needs it). Removed dead patch_far_jump and patch_u8.

Review fixes vs upstream branch

  • Eliminated redundant read_bytes(address, 4) in instrument_internal — opcode derived from already-read original_bytes
  • Removed unnecessary if step_len == 1 special case — patch_bytes_public handles single-byte patches
  • Cleaned up redundant unsafe blocks per Rust 2024 edition semantics

Example & CI

  • instrument_unhook_restore example: hooks calc, verifies 123, unhooks, verifies original 7
  • Smoke tests added to all 4 CI jobs (macOS aarch64/x86_64, Linux aarch64/x86_64)
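
A minimal model of the save-then-patch and byte-exact restore bookkeeping described above, as an added example that is not code from this PR or the project. A `Vec<u8>` stands in for executable memory; the `Hooks` type, the `HookError` enum (including its `Overlaps` and `OutOfRange` variants) and the sample bytes are assumptions made for illustration.

```rust
use std::collections::HashMap;

#[derive(Debug, PartialEq)]
enum HookError { HookNotFound, Overlaps, OutOfRange } // hypothetical error type

const INT3: u8 = 0xCC; // x86 breakpoint opcode
const NOP: u8 = 0x90;

/// Toy model: `code` stands in for executable memory, offsets for addresses.
struct Hooks {
    code: Vec<u8>,
    saved: HashMap<usize, Vec<u8>>, // patch address -> original bytes
}

impl Hooks {
    fn new(code: Vec<u8>) -> Self { Hooks { code, saved: HashMap::new() } }

    /// Cache the whole instruction, then overwrite it with int3 + NOP padding.
    fn hook(&mut self, addr: usize, insn_len: usize) -> Result<(), HookError> {
        let end = addr
            .checked_add(insn_len)
            .filter(|&e| insn_len > 0 && e <= self.code.len())
            .ok_or(HookError::OutOfRange)?;
        // Reject overlap: a second patch would cache patched bytes as "original",
        // so a later restore could not be byte-exact.
        if self.saved.iter().any(|(&a, o)| addr < a + o.len() && a < end) {
            return Err(HookError::Overlaps);
        }
        let original = self.code[addr..end].to_vec();
        self.code[addr] = INT3;
        self.code[addr + 1..end].fill(NOP);
        self.saved.insert(addr, original);
        Ok(())
    }

    /// Restore the cached bytes and drop the bookkeeping entry.
    fn unhook(&mut self, addr: usize) -> Result<(), HookError> {
        let original = self.saved.remove(&addr).ok_or(HookError::HookNotFound)?;
        self.code[addr..addr + original.len()].copy_from_slice(&original);
        Ok(())
    }
}

fn main() {
    // Constructed sample: `mov eax, 7; ret`
    let mut h = Hooks::new(vec![0xB8, 0x07, 0x00, 0x00, 0x00, 0xC3]);
    h.hook(0, 5).unwrap();
    println!("patched:  {:02X?}", h.code);
    h.unhook(0).unwrap();
    println!("restored: {:02X?}", h.code);
}
```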

Copilot AI and others added 2 commits February 11, 2026 03:19
Review and implement unhook code from codex/unhook-smoke-ci branch:

1. Add `unhook()` public API to restore instrument and inline_hook patches
2. Add `HookNotFound` error variant for unhook on unknown addresses
3. Add `InlinePatchSlot` storage in state.rs for inline_hook original bytes
4. Add `free_original_trampoline` to properly munmap trampoline pages
5. Refactor `inline_hook` to save original bytes before patching (enables restore)
6. Improve `instrument_internal` x86_64: pad full instruction with int3+NOPs,
   derive original_opcode from original_bytes instead of redundant read
7. Remove now-unused `patch_far_jump` and `patch_u8` from memory.rs
8. Make `read_bytes` available on all platforms (needed by aarch64 inline_hook)
9. Add instrument_unhook_restore example with CI smoke tests

Co-authored-by: YinMo19 <144041694+YinMo19@users.noreply.github.com>
…e callback

Co-authored-by: YinMo19 <144041694+YinMo19@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Review new branch submission for unhook code" to "feat: add unhook() API with full restore and trampoline cleanup" Feb 11, 2026
Copilot AI requested a review from YinMo19 February 11, 2026 03:27
@YinMo19 YinMo19 closed this Feb 11, 2026
@YinMo19 YinMo19 deleted the copilot/review-unhook-code-implementation branch February 11, 2026 03:56