Add fuzz tests, property-based tests, dead code detection, and docs CNAME

[cjimti]

Comprehensive testing upgrade adding Go native fuzz tests (OpenSSF Scorecard Fuzzing check), property-based tests with testing/quick and rapid, dead code detection tooling, and GitHub Pages custom domain fix.

Fuzz Tests (fuzz_test.go) -- OpenSSF Scorecard: Fuzzing 0 -> 10

10 fuzz tests covering every major API surface:

Fuzz Test	Coverage
FuzzParseHostsFromString	Core parser -- primary attack surface for arbitrary file content
FuzzRoundTrip	Parse -> render -> re-parse consistency
FuzzAddHost	Adding hosts with arbitrary IP/hostname
FuzzAddHostWithComment	Adding hosts with inline comments
FuzzRemoveHost	Removing by hostname
FuzzRemoveAddress	Removing by IP address
FuzzRemoveCIDRs	CIDR range removal with arbitrary strings
FuzzListOperations	All query methods (by IP, hostname, CIDR)
FuzzRemoveByComment	Comment-based removal
FuzzListHostsByComment	Comment-based listing
FuzzCombinedOperations	Interleaved add/remove sequences

All tests validate: no panics on arbitrary input, state consistency (rendered output always re-parseable), correct line types on ADDRESS entries.

Property-Based Tests (property_test.go)

6 testing/quick (stdlib) invariant tests:

• TestProperty_ParseRenderRoundTrip_AlwaysParseable -- rendered output is always valid
• TestProperty_AddHost_ThenLookup_FindsIt -- add then lookup always succeeds
• TestProperty_RemoveHost_ThenLookup_NeverFindsIt -- remove guarantees absence
• TestProperty_RemoveAddress_RemovesAllHostnames -- address removal is complete
• TestProperty_AddHost_InvalidIP_IsNoOp -- invalid IPs never modify state
• TestProperty_ParsedLineCount_MatchesInputLines -- parser preserves line count

7 rapid (pgregory.net/rapid) property tests with controlled generators:

• TestRapid_AddRemove_Symmetry -- add then remove restores absence
• TestRapid_AddHost_Idempotent -- duplicate adds don't create duplicates
• TestRapid_RemoveHost_Idempotent -- removing non-existent host is safe no-op
• TestRapid_BulkAddRemove_StateConsistency -- 5-30 random ops never corrupt state
• TestRapid_CommentOperations_Consistent -- add-with-comment / list / remove-by-comment cycle
• TestRapid_HostnameMoveBetweenAddresses -- re-adding to new IP removes from old
• TestRapid_RenderParse_PreservesAddressEntries -- render/re-parse preserves all entries

Dead Code Detection & Mutation Testing

• make dead-code target using golang.org/x/tools/cmd/deadcode
• make mutate target using gremlins mutation testing (60% threshold)
• 3 public API methods (Reload, RemoveByComments, HostAddressLookup) excluded from dead code check -- documented as public API for external consumers (e.g., kubefwd)

Public API Documentation

Updated doc comments on 3 exported methods to clarify their role as public API:

• Hosts.Reload -- for long-lived instances that re-read from disk
• Hosts.RemoveByComments -- bulk comment-based cleanup (kubefwd teardown)
• Hosts.HostAddressLookup -- direct address lookups by IP family

Docs CNAME

• Added docs/CNAME with txeh.txn2.com to fix GitHub Pages 404

Files Changed

 GNUmakefile      |  19 +++
 docs/CNAME       |   1 +
 fuzz_test.go     | 311 +++++++++++++++++++++++++++++
 go.mod           |   5 +-
 go.sum           |   2 +
 property_test.go | 505 +++++++++++++++++++++++++++++++++++++++++++++++
 txeh.go          |   9 +-
 7 files changed, 848 insertions(+), 4 deletions(-)

OpenSSF Scorecard Impact

Check	Before	After (expected)
Fuzzing	0	10

Combined with the enterprise-standards merge (already on master), next weekly scorecard run should also pick up: Security-Policy (0->10), SAST, Pinned-Dependencies, Token-Permissions.

[codecov]

Welcome to Codecov 🎉

Once you merge this PR into your default branch, you're all set! Codecov will compare coverage reports and display results in all future pull requests.

Thanks for integrating Codecov - We've got you covered ☂️