feat(cfw): add Apps Script + Cloudflare Worker alternative backend

[dazzling-no-more]

Summary

Adds an opt-in alternative backend for mode: "apps_script": deploy Code.cfw.gs (new GAS variant in assets/apps_script/) plus worker.js (Cloudflare Worker in assets/cloudflare/), and Apps Script becomes a thin auth+forward layer that pushes the outbound fetch to CF's edge. mhrv-rs itself is unchanged — same JSON envelope on the wire, same mode: "apps_script", script_id, auth_key. The only difference is what the deployed Apps Script does after it authenticates.

Closes the audit task on the v1.9.x roadmap (#380, #393).

Why

Recurring feedback (most recently in the Persian community) reports that the GAS+CFW combination feels noticeably faster than plain GAS for browsing and chat-style workloads. This PR ports the pattern from denuitt1/mhr-cfw into our deploy assets, hardened, with honest docs about what it does and doesn't deliver.

What ships

• assets/cloudflare/worker.js — Cloudflare Worker exit. Hardened over upstream:
  • Per-request AUTH_KEY check (upstream omits it → open relay if URL leaks).
  • Fail-closed if AUTH_KEY still equals the placeholder.
  • x-relay-hop loop guard + self-host fetch block.
  • Drops body on GET/HEAD to match Code.gs/UrlFetchApp permissiveness instead of throwing.
  • SKIP_HEADERS parity with Code.gs / Code.cfw.gs (priority, te included).
  • Batch handler: Promise.all over req.q, per-item {e} slots on partial failure, soft cap MAX_BATCH_SIZE = 40 paired with WORKER_BATCH_CHUNK on the GAS side.
• assets/apps_script/Code.cfw.gs — thin GAS relay that forwards to the Worker. Inherits decoy-on-bad-auth + DIAGNOSTIC_MODE from Code.gs, fail-closes on placeholder AUTH_KEY / WORKER_URL, wraps UrlFetchApp.fetch in try/catch so network-level Worker failures surface as {e: "worker unreachable: …"} instead of the decoy HTML. Batch path chunks at 40 URLs and dispatches via fetchAll (one quota per chunk, not per URL).
• Docs, English + Persian:
  • assets/cloudflare/README.md + README.fa.md — setup guide, three-matching-AUTH_KEYs security model, trade-off table, full-mode incompatibility section.
  • assets/apps_script/README.md — restructured to clarify which .gs files are unmodified upstream (Code.gs), maintained in this repo (CodeFull.gs), or derivative (Code.cfw.gs).
  • README.md — alternative-backend callout in both English and Persian setup guides.

Honest limitations (called out prominently in docs)

• No day-one UrlFetchApp daily-count relief. mhrv-rs's HTTP-relay path (RelayRequest in src/domain_fronter.rs) is single-shape only — it never emits q: [...]. The batch-aware path on the GAS+Worker side is wired and ready (ceil(N / 40) per N-URL batch) but unreachable from any shipping client. Latency win is real on day one; quota win materialises only if/when a batching client lands. The infrastructure costs nothing to leave in place.
• Not compatible with mode: "full". Only the HTTP-relay path (modes 1 + 2 in CodeFull.gs) is ported; raw-TCP / UDP tunnel ops (modes 3 + 4) needed for Android full-mode coverage of WhatsApp, Telegram, messengers etc. are not. Won't help that workload.
• YouTube long-form gets worse. 30 s CF Worker wall vs Apps Script's ~6 min — SABR cliff arrives sooner. Stay on Code.gs for YouTube-heavy use.
• Cloudflare anti-bot is unaffected. Exit IP becomes a Workers IP, which CF's anti-bot fingerprints as worker-internal — often stricter than a Google IP. Not a captcha fix.

Rust client changes

None. Pure GAS/Worker + docs addition. Existing config routes through the new deployment without modification.

Credits

Pattern from denuitt1/mhr-cfw (upstream mhr-cfw Worker + GAS forwarder design). This port adds the AUTH_KEY check, decoy treatment, fail-closed sentinels, exception handling, batch chunking, and the trade-off-honest docs.