Fix critical type safety bug: enforce hak_base_ptr_t in tiny_alloc_fast_push

Root cause: Functions tiny_alloc_fast_push() and front_gate_push_tls() accepted
void* instead of hak_base_ptr_t, allowing implicit conversion of USER pointers
to BASE pointers. This caused memory corruption in TLS SLL operations.

Changes:
- core/tiny_alloc_fast.inc.h:879 - Change parameter type to hak_base_ptr_t
- core/tiny_alloc_fast_push.c:17 - Change parameter type to hak_base_ptr_t
- core/tiny_free_fast.inc.h:46 - Update extern declaration
- core/box/front_gate_box.h:15 - Change parameter type to hak_base_ptr_t
- core/box/front_gate_box.c:68 - Change parameter type to hak_base_ptr_t
- core/box/tls_sll_box.h - Add misaligned next pointer guard and enhanced logging

Result: Zero misaligned next pointer detections in tests. Corruption eliminated.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

core/box/front_gate_box.c

@@ -65,7 +65,7 @@ void front_gate_after_refill(int class_idx, int refilled_count) {
     }
 }
 
-void front_gate_push_tls(int class_idx, void* ptr) {
+void front_gate_push_tls(int class_idx, hak_base_ptr_t ptr) {
     // IMPORTANT: ptr is ALREADY a BASE pointer (callers from tiny_free_fast.inc.h
     // convert USER→BASE before calling tiny_alloc_fast_push)
     // Do NOT double-convert! Pass directly to TLS SLL which expects BASE.