Commit 1723745
feat(v2.5.0): crypto_misuse JWT sig bypass + proof_drift Coq extraction detection
Add JWT signature bypass detection across Rust/Go/Python/JS (8 new tests):
- Rust: dangerous_insecure_decode (jsonwebtoken) → CryptoMisuse/Critical
- Go: jwt.ParseUnverified → CryptoMisuse/Critical
- Python/PyJWT: verify_signature:False, algorithms=["none"] → CryptoMisuse/Critical
- JS/jsonwebtoken: jwt.decode() without jwt.verify() → CryptoMisuse/Critical
- JS/jose: decodeJwt() without jwtVerify() → CryptoMisuse/Critical
Split OCaml Obj.magic detection: Coq extraction artifacts (type __ = Obj.t marker)
→ ProofDrift/High; hand-written OCaml → UnsafeTypeCoercion/Critical.
Add suppression rules 11+12 (Pest-parser unwraps, JIT memory taint) targeting
~6-8% FP reduction (12 rules total). Bump comment accordingly.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
1 parent 728688a
3 files changed
Lines changed: 543 additions & 20 deletions