Harden reliability: DNS safety, GLIBC fix, NoizDNS hosting, Xray v2.0+

DNS safety:
- Add EXIT trap to auto-fix DNS if script crashes or is interrupted
- Back up resolv.conf and sshd_config before any modification
- Lock resolv.conf with chattr +i so systemd-resolved restarts can't break it
- Disable systemd-resolved in hard-stop fallback to prevent reboot issues
- Fix preflight DNS: overwrite dead stub instead of appending
- Fix uninstall DNS check: use getent+curl instead of host/nslookup

microsocks GLIBC:
- Wait for dpkg lock (up to 60s) before installing build tools
- Proactively check GLIBC compatibility after dnstm install

NoizDNS:
- Host binaries in our own GitHub release for reliability
- Validate binary with file command instead of unreliable -help flag

3x-ui / Xray backend:
- Use x-ui binary for setting credentials (handles bcrypt hashing)
- Set panel port via binary, not just sqlite3
- Login URL probing validates JSON response, not just non-empty
- Detect bcrypt-hashed passwords and prompt user

Other:
- Add Management TUI section to setup completion summary

Author: SamNet-dev