fix: harden IPC, screenshot, paging, and tab filter error handling

- tabs.py: validate screenshot data URL prefix and catch binascii.Error
  instead of silently writing a zero-byte file or crashing with a raw traceback
- serve.py: add 30 s recv timeout on client connections to prevent unbounded
  thread accumulation; use hmac.compare_digest for constant-time token check
- native_host.py: bind Unix socket before _registry_add to eliminate the
  window where the registry points to an unbound path; cap paging loop at
  ceil(10000/PAGE_SIZE) iterations to guard against a misbehaving extension;
  remove dead no-hello fast-path queue that was registered but never consumed
- __init__.py: narrow _apply_tab_filter except to (AttributeError, TypeError)
  so broken filter functions raise instead of silently returning wrong results

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

browser_cli/commands/tabs.py

@@ -1,4 +1,5 @@
 import base64
+import binascii
 import click
 from browser_cli.client import BrowserNotConnected, active_browser_targets, remote_browser_targets, send_command
 from rich.console import Console
@@ -288,7 +289,12 @@ def tabs_screenshot(output, tab_id, fmt, quality):
     data_url = result.get("dataUrl", "") if isinstance(result, dict) else ""
     if output:
         header = f"data:image/{fmt};base64,"
-        raw = base64.b64decode(data_url[len(header):])
+        if not data_url.startswith(header):
+            raise click.ClickException("Empty or unexpected screenshot response (incognito/protected tab?)")
+        try:
+            raw = base64.b64decode(data_url[len(header):])
+        except binascii.Error as e:
+            raise click.ClickException(f"Failed to decode screenshot data: {e}")
         with open(output, "wb") as f:
             f.write(raw)
         console.print(f"[green]Screenshot saved:[/green] {output}")