TASK-024: close unregister_resource TOCTOU race, record unworked review issues

Security review on the v2.0 register_path/register_prefix split flagged a
TOCTOU window: the previous unregister_resource() called unregister_path()
and unregister_prefix() in sequence, each acquiring the lock independently,
so a concurrent reader could observe the route in only one map. Rewrite it
to compute both endpoint keys up front and hold a single unique_lock across
all four map erasures plus the route-cache clear. New unit test pins the
atomicity contract.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: etr