C12: CLI subcommand crawlex fingerprint <url>

[filipeforattini]

Parent

#46

What to build

Add crawlex fingerprint <url> CLI subcommand. The subcommand constructs a minimal Crawler (HTTP-only, no queue, no storage), performs one fetch of the target URL, runs Fingerprinter::analyze_hot on the response, and prints the FingerprintReport as JSON to stdout. The subcommand reuses the same ImpersonateClient + Fingerprinter construction that production crawls use so the engine output is identical whether invoked from a crawl or from the CLI.

No flags in this slice — --deep-fingerprint and --audit-tls land in C13. This slice ships the base subcommand wiring + JSON output format.

Acceptance criteria

• crawlex fingerprint <url> subcommand exists and is dispatched by the main CLI binary
• Subcommand drives one fetch via ImpersonateClient and prints FingerprintReport as JSON
• JSON output is parseable by jq and includes all FingerprintReport top-level slots (cdn, waf, antibot, etc.)
• Subcommand exits non-zero on fetch failure (DNS, TLS, connection) with a human-readable error to stderr
• New integration test in tests/cli_fingerprint.rs drives the subcommand against a wiremock URL
• --help output documents the subcommand
• NDJSON regression byte-stable (CLI uses the same engine; no wire-event paths changed)

Blocked by

• C4: process_job HttpSpoof+Auto cutover to runner.run #56