rename: IAMROOT → SKELETONKEY across the entire project

Breaking change. Tool name, binary name, function/type names,
constant names, env vars, header guards, file paths, and GitHub
repo URL all rebrand IAMROOT → SKELETONKEY.

Changes:
  - All "IAMROOT" → "SKELETONKEY" (constants, env vars, enum
    values, docs, comments)
  - All "iamroot" → "skeletonkey" (functions, types, paths, CLI)
  - iamroot.c → skeletonkey.c
  - modules/*/iamroot_modules.{c,h} → modules/*/skeletonkey_modules.{c,h}
  - tools/iamroot-fleet-scan.sh → tools/skeletonkey-fleet-scan.sh
  - Binary "iamroot" → "skeletonkey"
  - GitHub URL KaraZajac/IAMROOT → KaraZajac/SKELETONKEY
  - .gitignore now expects build output named "skeletonkey"
  - /tmp/iamroot-* tmpfiles → /tmp/skeletonkey-*
  - Env vars IAMROOT_MODPROBE_PATH etc. → SKELETONKEY_*

New ASCII skeleton-key banner (horizontal key icon + ANSI Shadow
SKELETONKEY block letters) replaces the IAMROOT banner in
skeletonkey.c and README.md.

VERSION: 0.3.1 → 0.4.0 (breaking).

Build clean on Debian 6.12.86. `skeletonkey --version` → 0.4.0.
All 24 modules still register; no functional code changes — pure
rename + banner refresh.

README.md

@@ -1,4 +1,4 @@
-# IAMROOT
+# SKELETONKEY
 
 > A curated, actively-maintained corpus of Linux kernel LPE exploits —
 > bundled with their detection signatures, patch status, and version
@@ -7,15 +7,20 @@
 > vulnerable to, and — with explicit confirmation — gets you root.
 
 ```
- ██╗ █████╗ ███╗   ███╗██████╗  ██████╗  ██████╗ ████████╗
- ██║██╔══██╗████╗ ████║██╔══██╗██╔═══██╗██╔═══██╗╚══██╔══╝
- ██║███████║██╔████╔██║██████╔╝██║   ██║██║   ██║   ██║
- ██║██╔══██║██║╚██╔╝██║██╔══██╗██║   ██║██║   ██║   ██║
- ██║██║  ██║██║ ╚═╝ ██║██║  ██║╚██████╔╝╚██████╔╝   ██║
- ╚═╝╚═╝  ╚═╝╚═╝     ╚═╝╚═╝  ╚═╝ ╚═════╝  ╚═════╝    ╚═╝
+      ╔══╤══╗
+      ║  ●  ║═══════════════════════════════════════════════════--,
+      ╚═════╝                                                     `--,_
+                                                                     `_/
+
+ ███████╗██╗  ██╗███████╗██╗     ███████╗████████╗ ██████╗ ███╗   ██╗██╗  ██╗███████╗██╗   ██╗
+ ██╔════╝██║ ██╔╝██╔════╝██║     ██╔════╝╚══██╔══╝██╔═══██╗████╗  ██║██║ ██╔╝██╔════╝╚██╗ ██╔╝
+ ███████╗█████╔╝ █████╗  ██║     █████╗     ██║   ██║   ██║██╔██╗ ██║█████╔╝ █████╗   ╚████╔╝ 
+ ╚════██║██╔═██╗ ██╔══╝  ██║     ██╔══╝     ██║   ██║   ██║██║╚██╗██║██╔═██╗ ██╔══╝    ╚██╔╝  
+ ███████║██║  ██╗███████╗███████╗███████╗   ██║   ╚██████╔╝██║ ╚████║██║  ██╗███████╗   ██║   
+ ╚══════╝╚═╝  ╚═╝╚══════╝╚══════╝╚══════╝   ╚═╝    ╚═════╝ ╚═╝  ╚═══╝╚═╝  ╚═╝╚══════╝   ╚═╝   
 ```
 
-> ⚠️ **Authorized testing only.** IAMROOT is a research and red-team
+> ⚠️ **Authorized testing only.** SKELETONKEY is a research and red-team
 > tool. By using it you assert you have explicit authorization to test
 > the target system. See [`docs/ETHICS.md`](docs/ETHICS.md).
 
@@ -23,29 +28,29 @@
 
 ```bash
 # One-shot install (x86_64 / arm64; checksum-verified)
-curl -sSL https://github.com/KaraZajac/IAMROOT/releases/latest/download/install.sh | sh
+curl -sSL https://github.com/KaraZajac/SKELETONKEY/releases/latest/download/install.sh | sh
 ```
 
-**iamroot runs as a normal unprivileged user** — that's the whole
+**skeletonkey runs as a normal unprivileged user** — that's the whole
 point. `--scan`, `--audit`, `--exploit`, and `--detect-rules` all
 work without `sudo`. Only `--mitigate` and rule-file installation
 write to root-owned paths.
 
 ```bash
 # What's this box vulnerable to?  (no sudo)
-iamroot --scan
+skeletonkey --scan
 
 # Broader system hygiene (setuid binaries, world-writable, capabilities, sudo)
-iamroot --audit
+skeletonkey --audit
 
 # Deploy detection rules (needs sudo to write /etc/audit/rules.d/)
-iamroot --detect-rules --format=auditd | sudo tee /etc/audit/rules.d/99-iamroot.rules
+skeletonkey --detect-rules --format=auditd | sudo tee /etc/audit/rules.d/99-skeletonkey.rules
 
 # Apply temporary mitigations (needs sudo for modprobe.d + sysctl)
-sudo iamroot --mitigate copy_fail
+sudo skeletonkey --mitigate copy_fail
 
 # Fleet scan (any-sized host list via SSH; aggregated JSON for SIEM)
-./tools/iamroot-fleet-scan.sh --binary iamroot --ssh-key ~/.ssh/id_rsa hosts.txt
+./tools/skeletonkey-fleet-scan.sh --binary skeletonkey --ssh-key ~/.ssh/id_rsa hosts.txt
 ```
 
 ### Example: unprivileged → root
@@ -54,14 +59,14 @@ sudo iamroot --mitigate copy_fail
 $ id
 uid=1000(kara) gid=1000(kara) groups=1000(kara)
 
-$ iamroot --scan
+$ skeletonkey --scan
 [+] dirty_pipe       VULNERABLE (kernel 5.15.0-56-generic)
 [+] cgroup_release_agent VULNERABLE (kernel 5.15 < 5.17)
 [+] pwnkit           VULNERABLE (polkit 0.105-31ubuntu0.1)
 [-] copy_fail        not vulnerable (kernel 5.15 < introduction)
 [-] dirty_cow        not vulnerable (kernel ≥ 4.9)
 
-$ iamroot --exploit dirty_pipe --i-know
+$ skeletonkey --exploit dirty_pipe --i-know
 [!] dirty_pipe: kernel 5.15.0-56-generic IS vulnerable
 [+] dirty_pipe: writing UID=0 into /etc/passwd page cache...
 [+] dirty_pipe: spawning su root
@@ -69,27 +74,27 @@ $ iamroot --exploit dirty_pipe --i-know
 uid=0(root) gid=0(root) groups=0(root)
 ```
 
-`iamroot --help` lists every command. See [`CVES.md`](CVES.md) for
+`skeletonkey --help` lists every command. See [`CVES.md`](CVES.md) for
 the curated CVE inventory and [`docs/DEFENDERS.md`](docs/DEFENDERS.md)
 for the blue-team deployment guide.
 
 ## What this is
 
 Most Linux LPE references are dead repos, broken PoCs, or single-CVE
-deep-dives. **IAMROOT is a living corpus**: each CVE that lands here
+deep-dives. **SKELETONKEY is a living corpus**: each CVE that lands here
 is empirically verified to work on the kernels it claims to target,
 CI-tested across a distro matrix, and ships with the detection
 signatures defenders need to spot it in their environment.
 
 The same binary covers offense and defense:
 
-- `iamroot --scan` — fingerprint the host, report which bundled CVEs
+- `skeletonkey --scan` — fingerprint the host, report which bundled CVEs
   apply, and which are blocked by patches/config/LSM
-- `iamroot --exploit <CVE>` — run the named exploit (with `--i-know`
+- `skeletonkey --exploit <CVE>` — run the named exploit (with `--i-know`
   authorization gate)
-- `iamroot --detect-rules` — dump auditd / sigma / yara rules for
+- `skeletonkey --detect-rules` — dump auditd / sigma / yara rules for
   every bundled CVE so blue teams can drop them into their tooling
-- `iamroot --mitigate` — apply temporary mitigations for CVEs the
+- `skeletonkey --mitigate` — apply temporary mitigations for CVEs the
   host is vulnerable to (sysctl knobs, module blacklists, etc.)
 
 ## Status
@@ -110,7 +115,7 @@ across the 2016 → 2026 LPE timeline:
   fuse_legacy, nf_tables, netfilter_xtcompat, nft_fwd_dup,
   nft_payload, nft_set_uaf, stackrot.
 - Detection rules ship inline (auditd / sigma / yara / falco) and
-  are exported via `iamroot --detect-rules --format=…`.
+  are exported via `skeletonkey --detect-rules --format=…`.
 
 See [`CVES.md`](CVES.md) for the per-CVE inventory + patch status.
 See [`ROADMAP.md`](ROADMAP.md) for the next planned modules.
@@ -126,7 +131,7 @@ The Linux kernel privilege-escalation space is fragmented:
 - **Per-CVE single-PoC repos**: usually one author, often abandoned
   within months of release, often only one distro
 
-IAMROOT's bet is that there's room for a single curated bundle that
+SKELETONKEY's bet is that there's room for a single curated bundle that
 (1) actively maintains a small set of high-quality exploits across a
 multi-distro matrix, and (2) ships detection rules alongside each
 exploit so the same project serves both red and blue teams.
@@ -148,16 +153,16 @@ module-loader design and how to add a new CVE.
 
 ```bash
 make                          # build all modules
-./iamroot --scan              # what's this box vulnerable to?  (no sudo)
-./iamroot --scan --json       # machine-readable output for CI/SOC pipelines
-./iamroot --detect-rules --format=sigma > rules.yml
-./iamroot --exploit copy_fail --i-know   # actually run an exploit (starts as $USER)
+./skeletonkey --scan              # what's this box vulnerable to?  (no sudo)
+./skeletonkey --scan --json       # machine-readable output for CI/SOC pipelines
+./skeletonkey --detect-rules --format=sigma > rules.yml
+./skeletonkey --exploit copy_fail --i-know   # actually run an exploit (starts as $USER)
 ```
 
 ## Acknowledgments
 
 Each module credits the original CVE reporter and PoC author in its
-`NOTICE.md`. IAMROOT is the bundling and bookkeeping layer; the
+`NOTICE.md`. SKELETONKEY is the bundling and bookkeeping layer; the
 research credit belongs to the people who found the bugs.
 
 ## License