feat: make SOCKS5 proxy configurable per adapter

Add `proxy` config option to server (IRC), teams, telegram, and mumble
sections. IRC defaults to false (preserving current direct-connect
behavior); all others default to true. The `derp.http` module now
accepts `proxy=True/False` on urlopen, create_connection,
open_connection, and build_opener -- when false, uses stdlib directly.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

docs/USAGE.md

@@ -32,6 +32,7 @@ All settings in `config/derp.toml`.
 host = "irc.libera.chat"    # IRC server hostname
 port = 6697                   # Port (6697 = TLS, 6667 = plain)
 tls = true                    # Enable TLS encryption
+proxy = false                 # Route through SOCKS5 proxy (default: false)
 nick = "derp"                 # Bot nickname
 user = "derp"                 # Username (ident)
 realname = "derp IRC bot"     # Real name field
@@ -1323,6 +1324,7 @@ required -- raw asyncio HTTP, same pattern as the webhook plugin.
 ```toml
 [teams]
 enabled = true
+proxy = true                        # Route outbound HTTP through SOCKS5
 bot_name = "derp"                   # outgoing webhook display name
 bind = "127.0.0.1"                  # HTTP listen address
 port = 8081                         # HTTP listen port
@@ -1418,6 +1420,7 @@ the shared plugin registry. Replies are sent immediately via `sendMessage`.
 ```toml
 [telegram]
 enabled = true
+proxy = true                        # Route HTTP through SOCKS5
 bot_token = "123456:ABC-DEF..."    # from @BotFather
 poll_timeout = 30                   # long-poll timeout in seconds
 admins = [123456789]                # Telegram user IDs (numeric)
@@ -1472,19 +1475,20 @@ this automatically: `!help@mybot` becomes `!help`.
 ### Transport
 
 All HTTP traffic (API calls, long-polling) routes through the SOCKS5
-proxy at `127.0.0.1:1080` via `derp.http.urlopen`. No direct outbound
-connections are made.
+proxy at `127.0.0.1:1080` via `derp.http.urlopen` when `proxy = true`
+(default). Set `proxy = false` to connect directly.
 
 ## Mumble Integration
 
 Connect derp to a Mumble server via TCP/TLS protobuf control channel.
-Text chat only (no voice). All TCP is routed through the SOCKS5 proxy.
-No protobuf library dependency -- uses a minimal built-in varint/field
-encoder/decoder for the ~7 message types needed.
+Text chat only (no voice). TCP is routed through the SOCKS5 proxy when
+`proxy = true` (default). No protobuf library dependency -- uses a
+minimal built-in varint/field encoder/decoder for the ~7 message types
+needed.
 
 ### How It Works
 
-The bot connects to the Mumble server over TLS (via SOCKS5), sends
+The bot connects to the Mumble server over TLS, sends
 Version and Authenticate messages, then enters a read loop. It tracks
 channels (ChannelState), users (UserState), and dispatches commands
 from TextMessage messages through the shared plugin registry.
@@ -1494,6 +1498,7 @@ from TextMessage messages through the shared plugin registry.
 ```toml
 [mumble]
 enabled = true
+proxy = true                        # Route TCP through SOCKS5
 host = "mumble.example.com"        # Mumble server hostname
 port = 64738                        # Default Mumble port
 username = "derp"                   # Bot username
@@ -1550,7 +1555,8 @@ unescapes entities. On send, text is HTML-escaped. Action messages use
 
 ### Transport
 
-All TCP connections route through the SOCKS5 proxy at `127.0.0.1:1080`
-via `derp.http.create_connection`. TLS is applied on top of the proxied
+TCP connections route through the SOCKS5 proxy at `127.0.0.1:1080`
+via `derp.http.create_connection` when `proxy = true` (default). Set
+`proxy = false` to connect directly. TLS is applied on top of the
 socket. Mumble commonly uses self-signed certificates, so `tls_verify`
 defaults to `false`.