Add macOS ad-hoc code signing after binary patching #3

Merged
cpaczek merged 1 commit into cpaczek:main from aaronepinto:macos-codesign
Apr 1, 2026

@aaronepinto

Contributor

Summary

  • Adds automatic ad-hoc re-signing (codesign --force --sign -) after every binary patch on macOS
  • Fixes the issue where patching the Mach-O binary invalidates its code signature, causing the kernel to kill the process on launch
  • Works in all code paths: interactive patching, silent apply (SessionStart hook), and restore-via-repatch
  • Surfaces codesign status to the user — shows success in interactive mode, prints manual fallback command if codesign fails
  • Updates the macOS preflight warning from "experimental" to informational
  • Fixes ELF-only terminology in README to be platform-accurate

Changes

| File | What changed |
| --- | --- |
| lib/patcher.mjs | New codesignBinary() helper called at end of patchBinary() |
| lib/tui.mjs | New warnCodesign() helper; codesign feedback at all 5 patchBinary call sites |
| lib/preflight.mjs | Updated macOS warning text |
| README.md | Fixed "ELF binary" refs; added codesign step to patch docs; updated limitations |

Design decisions

  • Codesign inside patchBinary() — single point of change, all callers get it automatically
  • Never throws — codesign failure is reported but doesn't block the patch result
  • No-op on non-Mac — zero overhead on Linux/Windows
  • restoreBinary() untouched — it restores the original backup with its intact signature

Test plan

  • On macOS: run interactive flow — binary should be patched AND signed
  • Verify with codesign -v <binary-path>
  • Launch claude — should not be killed
  • Test apply --silent — should re-patch and re-sign after update
  • Test restore — should restore original binary
  • On Linux: verify no behavioral change (codesign is a no-op)

On macOS, patching the Claude Code binary invalidates its Mach-O code
signature, causing the kernel to kill the process on launch. This adds
automatic ad-hoc re-signing (codesign --force --sign -) after every
patch, including the silent apply path used by the SessionStart hook.

cpaczek merged commit 641f3ae into cpaczek:main on Apr 1, 2026
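
An added sketch of the pattern this PR describes (re-sign ad hoc on macOS, verify, never throw, hand back a manual fallback command). It is not the project's code: resignAdHoc, its options and the /tmp/claude path are hypothetical, and a constructed fake runner stands in for codesign in the demo.

```javascript
// Added example (CommonJS), not the project's codesignBinary().
function defaultRun(cmd, args) {
  // Lazy require keeps the module loadable anywhere; execFileSync avoids a shell,
  // so the binary path is passed as one argument and never interpreted.
  return require("node:child_process").execFileSync(cmd, args, { stdio: "pipe" });
}

function resignAdHoc(binaryPath, { platform = process.platform, run = defaultRun } = {}) {
  // No-op on non-Mac: nothing to sign on Linux/Windows.
  if (platform !== "darwin") return { attempted: false, ok: true };

  const fallback = `codesign --force --sign - "${binaryPath}"`;
  try {
    // "-" requests an ad-hoc signature: fresh code hashes, no signing identity.
    run("codesign", ["--force", "--sign", "-", binaryPath]);
    // Verify afterwards (the test plan's `codesign -v`) so a bad signature
    // is reported here instead of showing up as a killed process on launch.
    run("codesign", ["-v", binaryPath]);
    return { attempted: true, ok: true };
  } catch (err) {
    // Never throw: report the failure and return the manual command.
    const detail = String((err && (err.stderr || err.message)) || err).trim();
    return { attempted: true, ok: false, error: detail, fallback };
  }
}

// Constructed demo inputs: fake runners record or fail instead of calling codesign.
function demo() {
  const calls = [];
  const okRun = (cmd, args) => { calls.push([cmd, ...args].join(" ")); };
  const failRun = () => {
    const e = new Error("spawn failed");
    e.stderr = "codesign: no such file\n"; // constructed error text
    throw e;
  };
  return {
    linux: resignAdHoc("/tmp/claude", { platform: "linux", run: okRun }),
    macOk: resignAdHoc("/tmp/claude", { platform: "darwin", run: okRun }),
    macFail: resignAdHoc("/tmp/claude", { platform: "darwin", run: failRun }),
    calls,
  };
}

console.log(demo());
```

A caller can print `fallback` when `ok` is false and still return the patch result, which matches the "reported but doesn't block" decision above.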
2 participants