Add imports, inline-hook detection, function hashing, per-function imports

Wave 2 of the code-analysis layer:

- vmie_win32_imports resolves the import directory (INT/IAT) to {iat_rva, dll,
  name, ordinal} - named APIs, walking the name and slot thunks in lockstep so
  every import carries the IAT slot a call lands on.
- vmie_win32_inline_hooks decodes each .pdata function's entry and reports any
  whose first instruction is a direct jmp/call leaving the module image - the
  detour/trampoline shape.
- vmie_win32_func_imports records, in order, the IAT slots a function calls
  through (call qword [rip+disp] onto an import slot): the function's API-call
  sequence, named by correlating with vmie_win32_imports.
- func_hash (codeanalysis.h) hashes a function position-independently, zeroing
  the displacement bytes the decoder locates - one primitive for fingerprinting
  known code and for detecting a changed body across snapshots.

Devirtualization needs no new call and is documented as a composition: a
vtable's methods are gva_jumptable(vtable_va), its instances are
pmap_referrers(vtable_va), and func_hash names each method. Imports reuse the
shared data-directory accessor; the analyses reuse the function/section/decode
primitives - no second PE or instruction parser.

src/engine/include/pe.h

@@ -62,6 +62,7 @@ int vmie_pe_section(vmie_mem* m, uintptr_t cr3, uint64_t module_base,
 
 /* OptionalHeader DataDirectory indices used across the engine. */
 #define PE_DIR_EXPORT     0u    /* IMAGE_DIRECTORY_ENTRY_EXPORT    */
+#define PE_DIR_IMPORT     1u    /* IMAGE_DIRECTORY_ENTRY_IMPORT    */
 #define PE_DIR_DEBUG      6u    /* IMAGE_DIRECTORY_ENTRY_DEBUG     */
 #define PE_DIR_EXCEPTION  3u    /* IMAGE_DIRECTORY_ENTRY_EXCEPTION (.pdata) */