Add stackrot (CVE-2023-3269) + af_packet2 (CVE-2020-14386) modules

Two more for 'THE tool' coverage breadth.

stackrot CVE-2023-3269 (Ruihan Li, Jul 2023):
- maple-tree VMA-split UAF — kernel R/W via use-after-RCU
- **Different bug class than the netfilter-heavy 2022-2024 modules**
  (mm-class, broadens corpus shape)
- kernel_range: 6.1 ≤ K < 6.4-rc4, backports: 6.1.37 / 6.3.10 /
  mainline 6.4
- Pre-6.1 immune (no maple tree); 6.5+ patched
- Affects 6.1 LTS still widely deployed
- ~1000-line public PoC deferred for port

af_packet2 CVE-2020-14386 (Or Cohen, Sep 2020):
- AF_PACKET tpacket_rcv VLAN integer underflow → heap OOB
- Sibling of CVE-2017-7308; same subsystem, different code path
- kernel_range: 4.6 ≤ K, backports across 4.9 / 4.14 / 4.19 / 5.4 / 5.7 / 5.8
- Family-shared 'iamroot-af-packet' audit key (one ausearch covers both
  CVEs from one rule deployment)

Era coverage now (1 gap year remaining: 2018):
  2016: dirty_cow                              🟢
  2017: af_packet                              🔵
  2019: ptrace_traceme                         🟢
  2020: af_packet2                             🔵
  2021: pwnkit, overlayfs, netfilter_xtcompat  🟢/🟢/🔵
  2022: dirty_pipe, cls_route4, fuse_legacy    🟢/🔵/🔵
  2023: entrybleed, stackrot                   🟢/🔵
  2024: nf_tables                              🔵
  2026: copy_fail family (×5)                  🟢

18 modules total. Build clean. Scan on Debian 6.12.86: 13 OK / 5 VULN.

core/registry.h

@@ -32,5 +32,7 @@ void iamroot_register_ptrace_traceme(void);
 void iamroot_register_netfilter_xtcompat(void);
 void iamroot_register_af_packet(void);
 void iamroot_register_fuse_legacy(void);
+void iamroot_register_stackrot(void);
+void iamroot_register_af_packet2(void);
 
 #endif /* IAMROOT_REGISTRY_H */