Add comprehensive security tests for quota management and relay functionality

- Introduced `relay_dual_lock_race_harness_security_tests.rs` to validate user liveness during lock hold and release cycles.
- Added `relay_quota_extended_attack_surface_security_tests.rs` to cover various quota scenarios including positive, negative, edge cases, and adversarial conditions.
- Implemented `relay_quota_lock_eviction_lifecycle_tdd_tests.rs` to ensure proper eviction of stale entries and lifecycle management of quota locks.
- Created `relay_quota_lock_eviction_stress_security_tests.rs` to stress test the eviction mechanism under high churn conditions.
- Enhanced `relay_quota_lock_pressure_adversarial_tests.rs` to verify reclaiming of unreferenced entries after explicit eviction.
- Developed `relay_quota_retry_allocation_latency_security_tests.rs` to benchmark and validate latency and allocation behavior under contention.

src/proxy/handshake.rs

@@ -131,8 +131,7 @@ fn auth_probe_scan_start_offset(
         return 0;
     }
 
-    let window = state_len.min(scan_limit);
-    auth_probe_eviction_offset(peer_ip, now) % window
+    auth_probe_eviction_offset(peer_ip, now) % state_len
 }
 
 fn auth_probe_is_throttled(peer_ip: IpAddr, now: Instant) -> bool {
@@ -997,6 +996,10 @@ mod auth_probe_scan_budget_security_tests;
 #[path = "tests/handshake_auth_probe_scan_offset_stress_tests.rs"]
 mod auth_probe_scan_offset_stress_tests;
 
+#[cfg(test)]
+#[path = "tests/handshake_auth_probe_eviction_bias_security_tests.rs"]
+mod auth_probe_eviction_bias_security_tests;
+
 #[cfg(test)]
 #[path = "tests/handshake_advanced_clever_tests.rs"]
 mod advanced_clever_tests;