refactor: modularize codebase — deduplicate, extract, clean up

- Unify duplicate uTLS transports into shared internal/transport package
- Extract shared version constant into internal/version
- Move LoadDefaultCredentials from config to auth (remove config→auth import)
- Deduplicate handler.go: extract telemetry/error helpers (324→268 lines)
- Break up main.go::run() into initCredential/initEmbedded
- Eliminate logging.Config duplication (use config.LoggingConfig directly)
- Extract logWriter to embedded/log.go, SSE fixtures to consts in sniff.go
- Use uTLS client for usage polling (consistent TLS fingerprint)
- Handle sjson.SetBytes errors in sanitize.go instead of silently swallowing
- Document reverse-engineered magic values in billing.go
- Unexport Credential.CooldownUntil (internal state)
- Replace hardcoded auth bypass paths with map in server.go

internal/proxy/upstream.go

@@ -13,6 +13,8 @@ import (
 
 	"github.com/fujin/anthropic-proxy/internal/auth"
 	"github.com/fujin/anthropic-proxy/internal/logging"
+	"github.com/fujin/anthropic-proxy/internal/transport"
+	"github.com/fujin/anthropic-proxy/internal/version"
 )
 
 const messagesURL = "https://api.anthropic.com/v1/messages?beta=true"
@@ -27,7 +29,7 @@ func NewUpstreamClient(profile *SniffedProfile) *UpstreamClient {
 	return &UpstreamClient{
 		client: http.Client{
 			Timeout:   0,
-			Transport: newUtlsRoundTripper(),
+			Transport: transport.NewUTLS(),
 		},
 		sessionID: uuid.New().String(),
 		profile:   profile,
@@ -38,7 +40,7 @@ func (u *UpstreamClient) version() string {
 	if u.profile != nil && u.profile.Version != "" {
 		return u.profile.Version
 	}
-	return "2.1.92"
+	return version.ClaudeCodeFallback
 }
 
 // applyHeaders replays sniffed headers, substituting auth + per-request IDs + accept.