fix(asteria-game): bound every external call with timeout(1) + drop AlwaysOrUnreachable from sdk_run_signal_safe
Two compounding bugs across all asteria-game test scripts: 1. socat (eventually_alive, finally_alive, parallel_driver_heartbeat) and the asteria-* binaries (asteria_player, admin_singleton, bootstrap, asteria_consistency) have no internal deadlines. Composer's per-command cap is ~16 s for parallel/eventually, ~54 s for finally. When upstream stalls (indexer slow to reply, N2C handshake hung under partition, container restart), the wrapping bash gets SIGKILLed BEFORE the binary returns; the sdk_run_signal_safe wrapper never executes its rc check; composer assigns synthetic exit 1 and flags the script under "Always: Commands finish with zero exit code". Fix: every external call now has an explicit `timeout N` wrapper sized under composer's per-command-type cap (1 s for socat probes, 12 s for parallel/anytime, 25 s for serial, 30 s for finally binary; 10 s settle for the consistency check, total 40 s). 2. sdk_run_signal_safe absorbed signal-induced exits via sdk_unreachable, but AlwaysOrUnreachable with hit:true + condition:false IS a finding. Now uses sdk_sometimes_optional (must_hit:false) so absorbed signals are observation-only. Same precedent as PR #137's eventually_alive cold_start fix. Smoke-tested locally — `timeout 0.1 sleep 5` exits 124 → sdk_run_signal_safe maps it to a Sometimes/must_hit:false event and returns 0; the JSONL emit shows must_hit:false as expected. Together this addresses every finding category we saw in the multi-run flake survey: - Always: Commands finish with zero exit code (× 3 scripts) - Always: stub eventually_alive cold_start (handled in PR #137) - Sometimes: stub eventually_alive cold_start (handled in PR #137)
