fix(proxy,resolver): fix Docker Hub library image pulls and slow manifest resolution

[p2pdkivenko]

Summary

• Fix broken pulls for Docker Hub official images (e.g. nginx, hylang, redis) — single-segment image names now get library/ prefix automatically
• Fix 5-8s resolution latency — content_type_matches() now correctly parses comma-separated Accept headers per RFC 7231, so the first matching 200 returns immediately instead of waiting for all fan-out responses
• Add 200ms grace period for fallback responses in parallel_lookup(), preventing full fan-out wait on content-type mismatch

Problem

1. docker pull kcr.infra.p2p.org/proxy/hylang:python3.12-trixie failed with 404 because Docker CLI doesn't prepend library/ when pulling through a custom registry (it only does this for docker.io directly). Harbor's Docker Hub proxy expects library/hylang, but we sent hylang.

2. docker pull kcr.infra.p2p.org/proxy/grafana/grafana:11.1.0 took 5-8s because content_type_matches() compared the entire comma-separated Accept header as a single media type — it never matched, so every request fell into the fallback path that waits for ALL fan-out responses to complete.

Changes

src/proxy.rs

• Add normalize_docker_library_image() using Cow<str> (zero-alloc for multi-segment names)
• Apply normalization in all three handler paths: manifests, blobs, tags
• Add 4 unit tests

src/resolver.rs

• Fix content_type_matches() to split Accept header values by comma before matching
• Add 200ms grace deadline in parallel_lookup() after first fallback 200
• Add test cases for comma-separated Accept, quality parameters, real Docker Accept header, embedded wildcards

Verification

• 112 tests pass (cargo test --all-features)
• cargo clippy --all-features -- -D warnings clean
• cargo fmt --check clean