Release 0.7.2 — Fuzz-found DFS V2 bounds fix + cargo-fuzz harness

Release 0.7.1 — Tree::download for concurrent streaming reads

- `Tree::download(&self, &mut Connection, path)` — new public method, mirrors `SmbClient::download` but accepts a borrowed `Connection` so callers holding a `conn.clone()` can drive concurrent downloads on one SMB session.
- `Tree::open_file` and `FileDownload::new` promoted from `pub(crate)` to `pub` for custom chunk loops.
- `SmbClient::download` now delegates to `Tree::download` (zero behavior change).
- 4 new unit tests (happy path, CREATE error, drop mid-stream, two downloads racing on cloned connections) + 1 Docker integration test.

Docs: Align CHANGELOG 0.7.0 with what actually shipped

- Merge former 'Unreleased' section into 0.7.0: Phase 3 Connection
  actor refactor (breaking), FileWriter::abort, compound-split
  tolerance, receiver-task teardown on unrecoverable frame errors,
  dropped-future cleanup, migration guide
- Update release date 2026-04-15 → 2026-04-21 to match crates.io push

Audit fixes for `write_file_streamed`

Line-by-line audit against the MS-SMB2 spec found two bugs:

- Bugfix: chunk silently dropped when credits unavailable in the sliding loop. Added `stashed_chunk` to retry the pulled-but-unsent data on the next iteration instead of losing it. Could cause silent data corruption if the server was stingy with credit grants.
- Bugfix: missing `flush_handle()` before `close_handle()`. Data could remain in the server's write cache. Now matches `write_file_pipelined` behavior.
- Removed unnecessary `data.clone()` in WriteRequest construction (save len first, then move).

4 new stress/edge-case Docker integration tests (all passing):
- 100 MB stress test with 1 MB chunks
- 50 rapid sequential small file writes
- 5 MB single-chunk write (forces chunk splitting)
- Alternating 1-byte / 1 MB chunk sizes

docs: update readme, changelog, version

Add Kerberos credential cache (ccache) support

Parse MIT Kerberos ccache files (v3 and v4) to enable authentication
from cached TGTs or service tickets without requiring a password.

- ccache parser with 11 unit tests (fixture-based TDD)
- CCache lookup by SPN (service tickets) and realm (TGTs)
- Session::setup_kerberos_from_ccache() for the new auth path
- KerberosAuthenticator::authenticate_from_ccache() with two modes:
  cached service ticket (no KDC needed) or cached TGT (TGS only)
- load_ccache() reads from path or $KRB5CCNAME
- Integration test verified against real Windows AD DC

Add ErrorKind for high-level error classification

ErrorKind maps raw NTSTATUS codes into consumer-friendly categories:
AuthRequired, SigningRequired, AccessDenied, NotFound, SharingViolation,
DiskFull, ConnectionLost, TimedOut, Cancelled, SessionExpired, DfsReferral,
InvalidData, Other.

Consumers match on error.kind() instead of raw NtStatus codes:
  match client.read_file(&share, "photo.jpg").await {
      Err(e) => match e.kind() {
          ErrorKind::NotFound => ...,
          ErrorKind::AccessDenied => ...,
          ErrorKind::ConnectionLost => client.reconnect().await?,
          _ => return Err(e),
      }
  }

Protocol knowledge stays in the library. Consumers don't need to
understand NTSTATUS. error.status() still available for advanced use.

Added NtStatus::DISK_FULL. 8 new tests, 563 total.

Benchmark overhaul: F_NOCACHE, --skip-smb, 512KB chunks, findings doc

Benchmark fixes:
- Renamed "direct" to "smb" throughout (smb_runner.rs)
- Added --skip-smb flag to skip the smb crate (avoids hangs)
- Added per-operation 90s timeouts
- Added timestamped logging per operation
- Added "large" suite (3 x 50 MB)
- Reduced small suite from 500 to 100 files for faster iteration

F_NOCACHE on native downloads: macOS VFS cache made native appear
20x faster than reality (600 MB/s = faster than Gigabit wire speed).
With F_NOCACHE, native large downloads go from 249ms to 4.93s, and
smb2 (1.38s) is 3.6x faster.

Pipelined read chunk size: files <= MaxReadSize get one chunk (no
overhead), larger files use 512 KB chunks (enough for sliding window
concurrency with manageable per-chunk overhead).

docs/benchmark-findings.md: comprehensive raw data, context, chunk
size experiments, credit observations, and summary for README/blog.

Add structured logging via log crate

~35 log statements across 6 files with consistent level usage:
info for lifecycle events, debug for protocol details, trace for
byte-level data, warn for recoverable issues, error for failures.

Security: never logs passwords, session keys, or full signatures.
At most key lengths and first 4 sig bytes for correlation.

Added env_logger dev-dependency for RUST_LOG support in tests.
Updated AGENTS.md with log level definitions and usage guide.