Define the win32 engine; add a dump source and physical sigscan

Name and isolate the Windows engine as one of potentially several. The
public surface moves to include/win32.h with an opaque vmie_win32 handle
(vmie_win32_open/close/mem); the engine's Windows internals — host bring-up,
the struct-offset profile, process/module/PE/text decode — live under
src/engine/win32. The generic address-space layer stays in src/engine
(gva.c + engine-arch.h, carrying no offset table): gva.c is de-profiled, and
CR3 bring-up reaches the hot translator through a cold gva_translate bridge
so the zero-copy hot path stays private and inlinable.

A memory source is now first-class and public: vmie_mem_open/_open_segs/
_close open a flat dump (or an explicit segment map) as a vmie_mem, with
gpa_seg promoted to the public contract. The physical signature scan is
exposed source-agnostically: sig_scan_mem returns GPAs for any vmie_mem,
sig_scan_sources scans several sources with per-source attribution, and
sig_from_bytes builds an exact needle from a byte span. The pure matcher is
unchanged; dumps and the live engine image are scanned uniformly, neither
needing the other.

include/sigscan.h

@@ -36,6 +36,12 @@ bool sig_parse_ida(const char* ida, sig_pattern_t* out);
  * false on NULL args or an empty mask. */
 bool sig_parse_mask(const uint8_t* bytes, const char* mask, sig_pattern_t* out);
 
+/* Build an exact (no-wildcard) pattern from `len` raw bytes: every byte must
+ * match. A thin wrapper over sig_parse_mask with an all-'x' mask, so the result
+ * is released with sig_free() like any other pattern. Returns true on success,
+ * false on NULL args, a zero length, or OOM. Touches no vmie_mem (pure). */
+bool sig_from_bytes(const uint8_t* bytes, size_t len, sig_pattern_t* out);
+
 /* Release a pattern produced by sig_parse_*. Safe on NULL and on an
  * already-freed pattern (it is zeroed). */
 void sig_free(sig_pattern_t* p);