docs: bring Token-2022 (Token Extensions) into MVP scope (extension-gated)
Most new tokens — incl. all Pump.fun launches — are Token-2022, so cleaning only classic SPL misses the majority of real dust. PYRE now supports Token-2022 conservatively, gating on account+mint extensions:

- skip: confidential transfer, withheld transfer fees, frozen/default-frozen, and any unrecognized extension (UNSUPPORTED). "Unknown means skip" now covers unknown program OR unknown/unsafe extension.
- cleanable but flagged: transfer-hook & permanent-delegate (burn/close don't fire a hook; you may always burn/close your own account); non-transferable is burnable.
- rent reclaim = account's live lamports (Token-2022 size varies); CloseAccount as a top-level instruction (CPI-Guard safe).

Updated PYRE_MVP_DESIGN.md (§5/§6/§7 + new §7.1 policy table + §8/§16), TOKEN_CLASSIFICATION.md (categories, safety checklist, decision flow), SECURITY.md.

Researched against Solana docs + Neodyme review. Classifier CODE still skips all Token-2022 (safe subset) until the extension-aware impl lands next.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@@ -46,8 +46,12 @@ For the MVP:
|
||||
|
||||
## Token safety
|
||||
|
||||
- Unknown assets default to **skip**.
|
||||
- Token-2022 defaults to **skip** for the MVP.
|
||||
- Unknown assets default to **skip** — unknown token program *or* unknown/unsafe
|
||||
Token-2022 extension.
|
||||
- Token-2022 is **supported** with conservative extension gating (design doc
|
||||
§7.1): confidential-transfer, withheld-transfer-fee, frozen, and any
|
||||
unrecognized-extension accounts are **skipped**; transfer-hook /
|
||||
permanent-delegate mints are cleanable but **flagged**.
|
||||
- NFTs default to **skip**.
|
||||
- Valuable assets default to **skip**.
|
||||
- The user must **manually select** anything risky.
|
||||
|
||||
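Review bot: The new bullet "Token-2022 is **supported** with conservative extension gating" describes behaviour that the commit message says is not implemented yet ("Classifier CODE still skips all Token-2022 (safe subset) until the extension-aware impl lands next"), so a reader of this section would expect Token-2022 accounts to be cleaned today. Suggest wording it as the policy that applies once the extension-aware classifier lands, or adding a line that the current classifier still skips all Token-2022. Two smaller points in the same bullet: the skip list says "frozen" while the commit message lists "frozen/default-frozen", so name default-frozen here too if it is gated separately; and state whether "flagged" transfer-hook / permanent-delegate mints fall under "The user must **manually select** anything risky" or are selected by default.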