Projects (at) Tadryanom (dot) Me - AdrOS.git/commit
FIX security audit: 9 vulnerabilities across kernel and userland

CRITICAL:
- C3: heap.c corruption handlers — replace for(;;) infinite loop with schedule()+return, marking process ZOMBIE (exit_status=128)

HIGH:
- H1: syscall.c FCNTL_F_DUPFD_CLOEXEC — replace plain refcount++ with __sync_fetch_and_add for SMP atomicity
- H2: ulibc stdlib.c free() — add iteration limit (1024) and null-ptr guard to backward coalescing search to prevent infinite loop on corrupted next_free chain
- H3: ulibc stdio.c vfprintf — increase buffer 1024→4096, write full buffer on truncation instead of silently capping

MEDIUM:
- M1: sed.c parse_cmd — add regfree cleanup for addr1/addr2 regexes when parse_cmd fails after compilation
- M2: grep.c — fix -e option to extract pattern from same arg (-ePATTERN) or next arg (-e PATTERN)
- M4: syscall.c FUTEX_WAIT — accept timespec* timeout via arg3 instead of fixed 5000-tick (~100s); supports zero-timeout poll; update futex.h/futex.c/pthread.c/fulltest.c ABI

LOW:
- L1: dd.c parse_size — use long/strtol to prevent integer overflow on large values (e.g. bs=2048M)
- L2: init.c parse_inittab — warn when /etc/inittab exceeds 2047-byte buffer (truncation detection)

cppcheck:
- fulltest.c: initialize oldact struct to silence uninitvar warning

Tests: 120/120 QEMU, 152/152 battery, 111/111 host — zero regressions

12 files changed:
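The H2 item bounds the backward-coalescing walk over the free list so that a corrupted (cyclic or otherwise damaged) next_free chain cannot hang free(). The following is an added illustration written for this page, not AdrOS's ulibc code: the struct, the function name find_prev_bounded and the three-way status are constructed; only the 1024 limit comes from the commit message. It returns a distinct status for "found", "hit a NULL link" and "gave up at the iteration limit", so a caller can abandon coalescing instead of spinning.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of a userland free list; field names are illustrative. */
struct chunk {
    size_t size;
    struct chunk *next_free;
};

/* Iteration bound from the commit message (H2). */
#define FREE_WALK_LIMIT 1024

enum walk_status {
    WALK_FOUND,  /* target located; *prev_out is its predecessor (NULL if head) */
    WALK_END,    /* chain terminated in NULL before reaching target */
    WALK_LIMIT   /* walk exceeded FREE_WALK_LIMIT: chain is probably cyclic/corrupt */
};

/* Bounded search for the chunk that precedes `target` in the singly linked
 * free list. An unbounded version (while (cur != target) cur = cur->next_free)
 * dereferences NULL on a truncated chain and never returns on a cycle. */
static enum walk_status find_prev_bounded(struct chunk *head,
                                          const struct chunk *target,
                                          struct chunk **prev_out)
{
    struct chunk *prev = NULL;
    struct chunk *cur = head;
    int n = 0;

    *prev_out = NULL;
    while (cur != NULL) {             /* null-pointer guard */
        if (n >= FREE_WALK_LIMIT)     /* iteration limit: stop on corrupt chains */
            return WALK_LIMIT;
        if (cur == target) {
            *prev_out = prev;
            return WALK_FOUND;
        }
        prev = cur;
        cur = cur->next_free;
        n++;
    }
    return WALK_END;
}

int main(void)
{
    /* Constructed three-chunk list, then deliberately corrupted into a cycle. */
    struct chunk c[3];
    struct chunk other = { 16, NULL };
    struct chunk *prev;

    c[0].size = 32;  c[0].next_free = &c[1];
    c[1].size = 64;  c[1].next_free = &c[2];
    c[2].size = 128; c[2].next_free = NULL;

    printf("prev of c[2]: status %d\n", find_prev_bounded(&c[0], &c[2], &prev));
    c[2].next_free = &c[0];           /* corrupt the chain into a cycle */
    printf("search on cyclic chain: status %d\n",
           find_prev_bounded(&c[0], &other, &prev));
    return 0;
}
```

On a healthy list the function behaves like the plain walk; on a cyclic list it returns WALK_LIMIT after 1024 steps, and a free() implementation can then skip coalescing (or abort) rather than loop forever.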
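The L1 item fixes an integer overflow in dd's size parser on inputs such as bs=2048M (2048 * 2^20 = 2^31, which does not fit in a 32-bit int). The following is an added example, not the dd.c code from the repository: parse_size_int models the int-based parser (with the wrap made well-defined via unsigned arithmetic so it can be observed), and parse_size_long shows the long/strtol approach from the commit message with an explicit range check. Function names and the accepted suffixes are assumptions.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Map an optional K/M/G suffix to its multiplier; 0 means "unknown suffix". */
static long suffix_multiplier(char ch)
{
    switch (ch) {
    case '\0':           return 1;
    case 'K': case 'k':  return 1024L;
    case 'M': case 'm':  return 1024L * 1024;
    case 'G': case 'g':  return 1024L * 1024 * 1024;
    default:             return 0;
    }
}

/* Constructed model of the vulnerable parser: int arithmetic wraps on
 * "2048M". Unsigned casts make the wrap defined so the bug is observable. */
static int parse_size_int(const char *s)
{
    char *end;
    int n = (int)strtol(s, &end, 10);
    long m = suffix_multiplier(*end);
    if (m == 0 || n < 0)
        return -1;
    return (int)((unsigned)n * (unsigned)m);  /* 2048 * 2^20 wraps to INT_MIN */
}

/* Hardened parser: long/strtol with ERANGE, junk and overflow checks.
 * Returns -1 on any parse or overflow error. */
static long parse_size_long(const char *s)
{
    char *end;
    long n, m;

    errno = 0;
    n = strtol(s, &end, 10);
    if (errno == ERANGE || end == s || n < 0)
        return -1;
    m = suffix_multiplier(*end);
    if (m == 0)
        return -1;
    if (*end != '\0' && end[1] != '\0')   /* trailing junk after the suffix */
        return -1;
    if (n > LONG_MAX / m)                 /* would overflow long */
        return -1;
    return n * m;
}

int main(void)
{
    printf("int parser, bs=2048M: %d\n", parse_size_int("2048M"));
    printf("long parser, bs=2048M: %ld\n", parse_size_long("2048M"));
    printf("long parser, bs=10X: %ld\n", parse_size_long("10X"));
    return 0;
}
```

On an LP64 system the long parser returns 2147483648 for "2048M", while the int version returns a negative value that a later check for "size > 0" would reject, or worse, that an unchecked malloc or read size would misuse.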