feat(extraction): support CC 2.1.113 Bun-native-binary distribution

Anthropic shipped CC v2.1.113 on 2026-04-17 with a fundamental distribution
change per their changelog:

  "Changed the CLI to spawn a native Claude Code binary (via a per-platform
  optional dependency) instead of bundled JavaScript"

The main @anthropic-ai/claude-code npm package went from 49.3 MB (containing
cli.js) to 132 KB (containing only cli-wrapper.cjs + install.cjs + a
500-byte bin/claude.exe stub). The real application now lives in 8
per-platform packages:

  @anthropic-ai/claude-code-darwin-arm64    (204.5 MB)
  @anthropic-ai/claude-code-darwin-x64      (206.0 MB)
  @anthropic-ai/claude-code-linux-x64       (236.4 MB)
  @anthropic-ai/claude-code-linux-arm64     (236.7 MB)
  @anthropic-ai/claude-code-linux-x64-musl  (230.7 MB)
  @anthropic-ai/claude-code-linux-arm64-musl(229.4 MB)
  @anthropic-ai/claude-code-win32-x64       (245.9 MB)
  @anthropic-ai/claude-code-win32-arm64     (242.7 MB)

KEY FINDING: The binaries are Bun-compiled SEAs, NOT Rust/Go rewrites.
Verified via `__BUN` Mach-O section, `StandaloneModuleGraph` trailer
(\"\n---- Bun! ----\n\"), and Bun-specific APIs (Bun.env, BunCString, etc.)
in the darwin-arm64 binary. The JavaScript source is embedded as
NUL-terminated plaintext in the `__BUN` section and can be extracted
via `strings -n 10`.

IMPLEMENTATION:
extract-cc-bundle.ts branches on version at NATIVE_BINARY_MIN_VERSION:
 - <2.1.113: existing cli.js extraction from npm tarball (unchanged)
 - >=2.1.113: download platform-specific tarball, extract native binary,
   run `strings -n 10` to produce a cli.js-equivalent text file. The
   downstream extract-fingerprint.ts regex pipeline works unchanged
   because the JS source is stored verbatim.

INGESTED 2.1.113 MANIFEST (zero inference tokens, ~2s end-to-end):

  manifests/candidate/claude-code/2.1.113.json
  manifests/candidate/claude-code/index.json (latest bumped to 2.1.113)
  docs/cc-versions/2.1.113.md

Diff 2.1.112 -> 2.1.113:
 - 1 critical: headers.userAgent.value version bump (expected)
 - 3 sensitive: x-stainless-helper extraction promoted from 'heuristic'
   confidence to 'high' confidence (the binary string pool exposes the
   pattern more clearly than the minified JS)
 - 4 low-risk: version metadata + tarball hash/URL
 - ZERO beta-set changes (30 flags unchanged)
 - ZERO OAuth scope/client changes

Verified end-to-end:
 - 30 betas, 2 OAuth client IDs, 5 scopes extracted from v2.1.113 binary
 - Full fingerprint pipeline runs ~2 seconds (download + extract + regex)
 - 1332/1332 tests pass, typecheck clean, lint clean

Known extraction gaps (deferred):
 - UA template extracts as null (template literal in JS source, not
   materialized as contiguous string; live capture gives us the value)
 - CCH billing salt extracts as null (similarly template-constructed)
 Both unblock via live capture; not Phase 1 blockers.

Evidence:
 .sisyphus/evidence/phase-1-claim-validation/2026-04-17/SANITY-CHECK-FINDINGS.md
 4 parallel investigation agent results (librarian x3, explore x1)