fix(core): close HIGH ASVS findings V7.1.1 and correctness bugs BUG-1..6

- V7.1.1: /swarm/check no longer returns raw exception text; logs detail
  server-side, returns generic 'probe failed'.
- BUG-1: register EditAction -> SSHDriver so edit ticks no longer crash.
- BUG-2: topology reconcile matches generator-named deckies by
  expected-name membership instead of a hyphen heuristic.
- BUG-3: intel provider lookups acquire the per-provider semaphore so
  declared concurrency bounds are enforced.
- BUG-4: RuleIndex.install evicts a rule from kinds it no longer applies to.
- BUG-5: UnixSocketBus.connect() is lock-guarded with a double-check so
  concurrent first-connects open exactly one socket and reader task.
- BUG-6/V5.1.3: multi-token JSON-field search binds each token to a
  distinct parameter instead of collapsing to the last value.

Regression tests added for every fix, verified red-before/green-after.
V4.1.1c/V12.1.1 (updater master-CN gate) and V12.5.1 (tarball include-list)
confirmed already fixed in prior commits and left untouched.

decnet/web/router/swarm/api_check_hosts.py

@@ -59,6 +59,9 @@ async def api_check_hosts(
                 detail=body,
             )
         except Exception as exc:
+            # Log the real exception server-side; never surface internal
+            # exception text (file paths, TLS internals, library guts) to the
+            # caller. Same fail-closed posture as the global 500 handler.
             log.warning("swarm.check unreachable host=%s err=%s", host["name"], exc)
             await repo.update_swarm_host(host["uuid"], {"status": "unreachable"})
             return SwarmHostHealth(
@@ -66,7 +69,7 @@ async def api_check_hosts(
                 name=host["name"],
                 address=host["address"],
                 reachable=False,
-                detail=str(exc),
+                detail="probe failed",
             )
 
     results = await asyncio.gather(*(_probe(h) for h in hosts))