Add per-contract timeout to Z3 solver invocations

[aallan]

Maliciously crafted contracts could trigger pathological Z3 behaviour (exponential blowup, excessive memory usage). The verifier should set a timeout on Z3 solver invocations.

solver = z3.Solver()
solver.set("timeout", 5000)  # 5 second timeout per contract

First, check whether this is already implemented in vera/smt.py or vera/verifier.py. If it is, document the default limits in the spec. If not, add it.

The three-tier fallback means undecidable contracts already degrade to runtime checks — a timeout should do the same.

[aallan]

Cross-ref: VeraBench VB-T4-007 (count_digits) consistently takes ~78s due to Z3 solver time on the division-based termination proof. Relevant for automated benchmark runs (aallan/vera-bench#31).

[aallan]

This is already implemented. vera/smt.py line 150 sets solver.set("timeout", timeout_ms) with a default of 10,000 ms (10 seconds), and vera/verifier.py (line 67) propagates this through every contract verification invocation. Contracts that hit the timeout fall back to Tier 3 runtime checking, consistent with the spec.

The 10-second default is now documented in spec/06-contracts.md §6.4.3 explicitly. Closing as completed.