feat: add human detection scoring and webhook notifications

Implement phase 2.1 (human detection) and 2.2 (notifications):

- Detection scorer computes 0.0-1.0 human likelihood from keystroke
  timing variance, special key usage, typing speed, command diversity,
  and session duration
- Webhook notifier sends JSON POST to configured endpoints with
  deduplication, custom headers, and event filtering
- RecordingChannel gains an event callback for feeding keystrokes
  to the scorer without coupling shell and detection packages
- Server wires scorer into session lifecycle with periodic updates
  and threshold-based notification triggers
- Web UI shows human score in session tables with highlighting
- New config sections: [detection] and [[notify.webhooks]]

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

oubliette.toml.example

@@ -31,3 +31,13 @@ retention_interval = "1h"
 hostname = "ubuntu-server"
 # banner = "Welcome to Ubuntu 22.04.3 LTS (GNU/Linux 5.15.0-89-generic x86_64)\r\n\r\n"
 # fake_user = ""  # override username in prompt; empty = use authenticated user
+
+# [detection]
+# enabled = true
+# threshold = 0.6          # 0.0–1.0, sessions above this trigger notifications
+# update_interval = "5s"   # how often to recompute the score during a session
+
+# [[notify.webhooks]]
+# url = "https://ntfy.example.com/honeypot"
+# headers = { Authorization = "Bearer your-token" }
+# events = ["human_detected", "session_started"]  # empty = all events