feat(prober): publish attacker.fingerprinted on the bus (DEBT-031)

Each successful JARM / HASSH / TCPfp probe fans out an
attacker.fingerprinted event; the probe family goes in event.type so a
single subscription covers all three.  Payload carries the attacker IP,
port, and probe-specific hash — enough for the MazeNET live map to
render fingerprint info on observed attackers.

Lifts the thread-safe publisher helper out of the sniffer worker into
decnet/bus/publish.py so the prober (and every future worker with a
to_thread hot path) can reuse it without copy-pasting the
run_coroutine_threadsafe dance.  Sniffer rewires onto the shared helper
in passing.

Adds ATTACKER_FINGERPRINTED as a new leaf — distinct from
ATTACKER_OBSERVED (correlator's first-sight signal) because an active
probe result is additional evidence about an already-observed attacker.

Note: the plan's decky.{id}.state realism-probe publish path is
deferred — the current prober fingerprints attackers, not decky
realism.  Will revisit when realism probes exist.

tests/bus/test_topics.py

@@ -47,6 +47,7 @@ def test_segment_validation(bad: str) -> None:
 def test_attacker_builder() -> None:
     assert topics.attacker(topics.ATTACKER_OBSERVED) == "attacker.observed"
     assert topics.attacker(topics.ATTACKER_SCORED) == "attacker.scored"
+    assert topics.attacker(topics.ATTACKER_FINGERPRINTED) == "attacker.fingerprinted"
     # Dotted leaf is intentional — same as system.bus.health.
     assert topics.attacker(topics.ATTACKER_SESSION_STARTED) == "attacker.session.started"
     assert topics.attacker(topics.ATTACKER_SESSION_ENDED) == "attacker.session.ended"