Fix cross-thread ownership check: Use bits 8-15 for owner_tid_low

Problem:
- TLS_SLL_PUSH_DUP crash in Larson multi-threaded benchmark
- Cross-thread frees incorrectly routed to same-thread TLS path
- Root cause: pthread_t on glibc is 256-byte aligned (TCB base)
  so lower 8 bits are ALWAYS 0x00 for ALL threads

Fix:
- Change owner_tid_low from (tid & 0xFF) to ((tid >> 8) & 0xFF)
- Bits 8-15 actually vary between threads, enabling correct detection
- Applied consistently across all ownership check locations:
  - superslab_inline.h: ss_owner_try_acquire/release/is_mine
  - slab_handle.h: slab_try_acquire
  - tiny_free_fast.inc.h: tiny_free_is_same_thread_ss
  - tiny_free_fast_v2.inc.h: cross-thread detection
  - tiny_superslab_free.inc.h: same-thread check
  - ss_allocation_box.c: slab initialization
  - hakmem_tiny_superslab.c: ownership handling

Also added:
- Address watcher debug infrastructure (tiny_region_id.h)
- Cross-thread detection in malloc_tiny_fast.h Front Gate

Test results:
- Larson 1T/2T/4T: PASS (no TLS_SLL_PUSH_DUP crash)
- random_mixed: PASS
- Performance: ~20M ops/s (regression from 48M, needs optimization)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

core/box/ss_allocation_box.c

@@ -415,7 +415,8 @@ void superslab_init_slab(SuperSlab* ss, int slab_idx, size_t block_size, uint32_
     meta->used = 0;
     meta->capacity = capacity;
     meta->carved = 0;
-    meta->owner_tid_low = (uint8_t)(owner_tid & 0xFFu);
+    // Store bits 8-15 of owner_tid (low 8 bits are 0 for glibc pthread IDs)
+    meta->owner_tid_low = (uint8_t)((owner_tid >> 8) & 0xFFu);
     // Fail-safe: stamp class_idx from geometry (stride → class).
     // This normalizes both legacy and shared pool paths.
     for (int i = 0; i < TINY_NUM_CLASSES; i++) {