v0.3.1: --dump-offsets tool + NOTICE.md per module

The README has been claiming "each module credits the original CVE
reporter and PoC author in its NOTICE.md" since v0.1.0, but only
copy_fail_family actually shipped one. Fixed.

  modules/<name>/NOTICE.md (×19 new + 1 existing): per-module
    research credit covering CVE ID, discoverer, original advisory
    URL where public, upstream fix commit, IAMROOT's role.

  iamroot.c: new --dump-offsets subcommand. Resolves kernel offsets
    via the existing core/offsets.c four-source chain (env →
    /proc/kallsyms → /boot/System.map → embedded table), then emits
    a ready-to-paste C struct entry for kernel_table[]. Run once
    as root on a target kernel build; upstream via PR. Eliminates
    fabricating offsets — every shipped entry traces back to a
    `iamroot --dump-offsets` invocation on a real kernel.

  docs/OFFSETS.md: documents the --dump-offsets workflow.
  CVES.md: notes the NOTICE.md convention + offset dump tool.

  iamroot.c: bump IAMROOT_VERSION 0.3.0 → 0.3.1.

modules/entrybleed_cve_2023_0458/NOTICE.md

@@ -0,0 +1,23 @@
+# NOTICE — entrybleed
+
+## Vulnerability
+
+**CVE-2023-0458** — KPTI `prefetchnta` timing side-channel leaks the
+kernel base address (KASLR bypass).
+
+## Research credit
+
+Discovered by **Will Findlay**. Formally presented at USENIX Security '23:
+
+> "EntryBleed: A Universal KASLR Bypass against KPTI on Linux"
+> Bert Jan Schijf, Cristiano Giuffrida — USENIX Security 2023
+
+Mainline status: no canonical patch — partial mitigations only.
+
+## IAMROOT role
+
+This is a **stage-1 leak primitive**, not a standalone LPE. Other
+modules can call `entrybleed_leak_kbase_lib()` to obtain a KASLR
+slide and feed it to the offset resolver in `core/offsets.c`. x86_64
+only; the `entry_SYSCALL_64` slot offset is configurable via the
+`IAMROOT_ENTRYBLEED_OFFSET` env var.