[TD-02] 1521 unwrap()/expect() call sites; 18 in network/mem.rs production path #321

@intendednull

Audit finding from #300 (commit 679f9fe)

Severity: high
Category: tech debt / panic risk
File: crates/network/src/mem.rs (18 unwraps before #[cfg(test)]); crates/storage/src/store.rs (post-cfg(test)); crates/crypto/src/lib.rs:175,185 (2 documented expect)
Obvious fix: yes (parking_lot swap is mechanical for mem.rs)

Description

1521 unwrap/expect call sites across the tree; ~805 sit outside tests/ directories, but most of those are still inside #[cfg(test)] modules in src files. The genuine production hotspot is crates/network/src/mem.rs, a test-double Network impl, which uses .lock().unwrap() 18 times before its own #[cfg(test)] block. Crypto has 2 deliberate expect() calls with inline justifications.

Impact / Threat

A std Mutex in mem.rs becomes poisoned when any thread panics while holding its guard; every later .lock().unwrap() then panics as well, so one bug in one task is amplified into a panic of the whole runtime instead of staying contained. In shared-state environments this is brittle.

Suggested fix

Replace lock().unwrap() with explicit poison handling (recover the guard with PoisonError::into_inner where the guarded data is still usable after a panic) or with a parking_lot::Mutex, whose lock() returns the guard directly because it does not track poisoning at all. Note that the parking_lot swap removes the panic but also the signal that a panic interrupted a critical section, so it is only the right choice where the guarded state cannot be left half-updated. For genuinely-infallible cases keep expect() but document the invariant inline (crypto/lib.rs is a good model).
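As an added illustration (example code written for this issue, not the project's mem.rs), the flagged pattern beside the explicit-poison-handling fix, with the poisoning reproduced on purpose. MemNetwork, its per-peer queue map and the poison helper are constructed for the example; only the .lock().unwrap() idiom and the PoisonError::into_inner recovery are the point.

```rust
use std::collections::{HashMap, VecDeque};
use std::sync::{Arc, Mutex, MutexGuard, PoisonError};
use std::thread;

/// Hypothetical in-memory transport of the kind the issue describes
/// (constructed for this example; not the project's Network impl).
#[derive(Default)]
pub struct MemNetwork {
    queues: Mutex<HashMap<String, VecDeque<Vec<u8>>>>,
}

impl MemNetwork {
    /// Before: the pattern flagged in the issue. Once another thread has
    /// panicked while holding the lock, this unwrap panics on every call.
    pub fn send_unwrapping(&self, to: &str, msg: Vec<u8>) {
        let mut q = self.queues.lock().unwrap();
        q.entry(to.to_string()).or_default().push_back(msg);
    }

    /// After: explicit poison handling. Invariant: the guarded value is a
    /// map of queues whose every mutation is a single push/pop, so a panic
    /// mid-critical-section cannot leave it half-updated and the guard can
    /// be recovered instead of propagating the panic.
    fn queues(&self) -> MutexGuard<'_, HashMap<String, VecDeque<Vec<u8>>>> {
        self.queues.lock().unwrap_or_else(PoisonError::into_inner)
    }

    pub fn send(&self, to: &str, msg: Vec<u8>) {
        self.queues().entry(to.to_string()).or_default().push_back(msg);
    }

    pub fn recv(&self, me: &str) -> Option<Vec<u8>> {
        self.queues().get_mut(me).and_then(|q| q.pop_front())
    }

    pub fn is_poisoned(&self) -> bool {
        self.queues.is_poisoned()
    }
}

/// Poison the mutex deliberately: panic on a helper thread while holding
/// the guard. The join error is expected and ignored.
pub fn poison(net: &Arc<MemNetwork>) {
    let n = Arc::clone(net);
    let _ = thread::spawn(move || {
        let _guard = n.queues.lock().unwrap();
        panic!("simulated bug while holding the lock");
    })
    .join();
}

/// Returns (mutex is poisoned, old pattern panics, what the fixed path reads back).
pub fn demo() -> (bool, bool, Option<Vec<u8>>) {
    let net = Arc::new(MemNetwork::default());
    net.send("alice", b"hello".to_vec());
    poison(&net);

    // The old pattern now panics on every call; run it on a thread to observe that.
    let old_panics = thread::spawn({
        let n = Arc::clone(&net);
        move || n.send_unwrapping("bob", b"x".to_vec())
    })
    .join()
    .is_err();

    // The fixed path keeps working and still sees the data written before the poison.
    let got = net.recv("alice");
    (net.is_poisoned(), old_panics, got)
}

fn main() {
    let (poisoned, old_panics, got) = demo();
    println!("poisoned={poisoned} old_pattern_panics={old_panics} recv={got:?}");
}
```

Running it prints the two simulated panic messages on stderr, then `poisoned=true old_pattern_panics=true recv=Some([104, 101, 108, 108, 111])`. The `queues()` accessor is the mechanical replacement for the 18 call sites: every `.lock().unwrap()` becomes one call to it, and the invariant that justifies recovery is documented once, in the style the issue recommends for crypto/lib.rs. Swapping to parking_lot instead would remove the `Result` entirely (its `lock()` returns the guard), and the accessor would shrink to `self.queues.lock()`.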

Verify

rg "\.unwrap\(\)|\.expect\(" --type rust crates/ | wc -l
head -425 crates/network/src/mem.rs | rg "\.unwrap\(\)|\.expect\(" | wc -l
