feat: make all operational constants configurable via bouncer.toml

Replace hardcoded values across network, captcha, email, and cert
modules with BouncerConfig fields. All values have safe defaults
and are overridable in the [bouncer] section of the config file.

Configurable: probation_seconds, backoff_steps, nick_timeout,
rejoin_delay, http_timeout, captcha_poll_interval/timeout,
email_poll_interval/max_polls/request_timeout, cert_validity_days.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

docs/CHEATSHEET.md

@@ -115,14 +115,14 @@ own-nick                        # own nicks shown without suffix
 ## Connection States
 
 ```
-DISCONNECTED -> CONNECTING -> REGISTERING -> PROBATION (15s) -> READY
+DISCONNECTED -> CONNECTING -> REGISTERING -> PROBATION (45s) -> READY
 ```
 
 | State | What happens |
 |-------|-------------|
 | CONNECTING | TCP + SOCKS5 + TLS handshake |
 | REGISTERING | Random nick/user/realname sent to server |
-| PROBATION | 15s wait, watching for K-line |
+| PROBATION | 45s wait (configurable), watching for K-line |
 | READY | Switch to configured nick, join channels |
 
 ## Auth Cascade
@@ -142,6 +142,12 @@ SASL EXTERNAL (cert + creds) > SASL PLAIN (creds) > NickServ IDENTIFY
 ```toml
 [bouncer]
 bind / port / password
+captcha_api_key                   # NoCaptchaAI key (optional)
+captcha_poll_interval / captcha_poll_timeout
+probation_seconds / nick_timeout / rejoin_delay
+backoff_steps / http_timeout
+email_poll_interval / email_max_polls / email_request_timeout
+cert_validity_days
   [bouncer.backlog]
     max_messages / replay_on_connect
 
@@ -189,6 +195,7 @@ src/bouncer/
   network.py     # server connection + state machine + SASL
   client.py      # client session handler
   cert.py        # client certificate generation + management
+  captcha.py     # hCaptcha solver via NoCaptchaAI
   commands.py    # 25 bouncer control commands (/msg *bouncer)
   router.py      # message routing + backlog trigger
   server.py      # TCP listener