Add tokio-rs/loom harnesses for stream-channel backpressure

[avrabe]

Part of the V&V coverage initiative.

Problem

relay is stream-native: components are wired as stream<T> inputs/outputs with backpressure. Lean proves output_count ≤ n·K per engine (proofs/lean/BackpressureSafety.lean). Kani (separate issue) will verify per-engine state machines. What neither covers: concurrent producer/consumer interleavings on the stream channels themselves.

tokio-rs/loom is the right tool — it enumerates every thread interleaving for a bounded concurrent program. Note: this is the tokio-rs crate loom, NOT this org's pulseengine/loom (WASM optimizer).

Acceptance

• Add loom as dev-dep with #[cfg(loom)] import pattern
• tokio-loom harness per channel primitive: producer + consumer threads cannot cause buffer overflow, ordering violations, or lost messages
• tokio-loom harness for backpressure: when a downstream engine stalls, upstream cannot overrun the bounded buffer
• tokio-loom harness for stream wiring: fuse/demux/merge primitives preserve message ordering
• Harnesses under tests/loom_<channel>.rs
• Separate CI job for loom (slow) — feature-gated RUSTFLAGS="--cfg loom"
• Traceability in rivet.yaml: loom harness → Lean backpressure theorem

Notes

• Keep harnesses bounded (2–3 producers, 1 consumer, ≤4 messages per producer is typically enough)
• Reference: thrum/crates/thrum-db/tests/loom_claims.rs
• Pair with the Kani state-machine issue for complete engine coverage