feat: DECNET-PROBER standalone JARM fingerprinting service

Add active TLS probing via JARM to identify C2 frameworks (Cobalt Strike,
Sliver, Metasploit) by their TLS server implementation quirks. Runs as a
detached host-level process — no container dependency.

- decnet/prober/jarm.py: pure-stdlib JARM implementation (10 crafted probes)
- decnet/prober/worker.py: standalone async worker with RFC 5424 + JSON output
- CLI: `decnet probe --targets ip:port` and `--probe-targets` on deploy
- Ingester: JARM bounty extraction (fingerprint type)
- 68 new tests covering JARM logic and bounty extraction

decnet/prober/__init__.py

@@ -0,0 +1,13 @@
+"""
+DECNET-PROBER — standalone active network probing service.
+
+Runs as a detached host-level process (no container). Sends crafted TLS
+probes to discover C2 frameworks and other attacker infrastructure via
+JARM fingerprinting. Results are written as RFC 5424 syslog + JSON to the
+same log file the collector uses, so the existing ingestion pipeline picks
+them up automatically.
+"""
+
+from decnet.prober.worker import prober_worker
+
+__all__ = ["prober_worker"]