
feat: code porcelain hardening — security, perf, JSON, docs

Security (critical — write commands):
- patch.py, checkout_symbol.py, semantic_cherry_pick.py: add contain_path() guard on ADDRESS file component; path-traversal addresses rejected (exit 1)

Security (medium):
- code_check.py: validate --rules FILE via contain_path() before reading
- grep.py: cap regex patterns at 512 chars to prevent ReDoS; surface re.error gracefully instead of crashing

Performance:
- codemap.py, invariants.py: replace recursive _find_cycles() DFS with an iterative explicit-stack implementation; eliminates RecursionError risk on deeply-nested import graphs (depth > 1000 frames)

API / JSON consistency:
- patch.py, checkout_symbol.py: add --json flag with structured output
- index_rebuild.py: add --json flag to both 'status' and 'rebuild' subcommands
- code_check.py, code_query.py: rename output_json → as_json for consistency

Documentation:
- docs/reference/code-domain.md: JSON schemas for 4 newly-json commands, security notes for 3 write commands and grep, new muse grep and muse code-check reference sections

Tests (test_code_commands.py):
- Path traversal rejection tests (patch, checkout-symbol, semantic-cherry-pick)
- ReDoS guard tests (grep: >512-char pattern, invalid regex)
- JSON output tests (index status --json, index rebuild --json, patch --json)
- Iterative DFS regression (depth-600 chain, self-loop — no RecursionError)

Verification: mypy clean, typing_audit 0 violations, 3273/3273 tests green

Gabriel Cardona <gabriel@tellurstori.com> · Mar 21, 2026 · 8912a997 · parent 229172a6
12 files changed · 426 files in snapshot
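The iterative explicit-stack cycle detection the commit describes for codemap.py and invariants.py, shown here as an added illustration rather than the project's own _find_cycles() code; the graph shape (module name to list of imported modules), the node names and the chain() helper are assumptions, and the deep chain is constructed to exceed the interpreter's recursion limit, where a recursive DFS would raise RecursionError:

```python
from sys import getrecursionlimit
from typing import Dict, List

WHITE, GRAY, BLACK = 0, 1, 2   # unvisited / on the current DFS path / fully explored


def find_cycles(graph: Dict[str, List[str]]) -> List[List[str]]:
    """Return every back-edge cycle of a directed import graph without recursion.

    graph maps a module to the modules it imports. Each cycle is returned as the
    path from the first node of the cycle back to itself, e.g. ['a', 'b', 'a'].
    """
    colour = {node: WHITE for node in graph}
    for deps in graph.values():                 # modules imported but never defined
        for dep in deps:
            colour.setdefault(dep, WHITE)
    path: List[str] = []                        # gray nodes in visiting order
    cycles: List[List[str]] = []
    for root in graph:
        if colour[root] != WHITE:
            continue
        # Explicit stack of (node, iterator over its dependencies) replaces the call stack.
        stack = [(root, iter(graph.get(root, ())))]
        colour[root] = GRAY
        path.append(root)
        while stack:
            node, children = stack[-1]
            child = next(children, None)
            if child is None:                   # all dependencies seen: leave the node
                colour[node] = BLACK
                path.pop()
                stack.pop()
            elif colour[child] == GRAY:         # back edge: child is on the current path
                cycles.append(path[path.index(child):] + [child])
            elif colour[child] == WHITE:        # descend without a new stack frame
                colour[child] = GRAY
                path.append(child)
                stack.append((child, iter(graph.get(child, ()))))
            # BLACK child: already fully explored, nothing to do
    return cycles


def chain(length: int, close: bool = False) -> Dict[str, List[str]]:
    """Constructed test graph m0 -> m1 -> ... -> m{length-1}, optionally closed back to m0."""
    graph = {f"m{i}": [f"m{i + 1}"] for i in range(length - 1)}
    graph[f"m{length - 1}"] = ["m0"] if close else []
    return graph


if __name__ == "__main__":
    print(find_cycles(chain(getrecursionlimit() * 5)))   # [] and no RecursionError
    print(find_cycles({"a": ["a"]}))                     # [['a', 'a']]
    print(find_cycles(chain(4, close=True)))             # [['m0', 'm1', 'm2', 'm3', 'm0']]
```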
