chore: cut v1.9.11 — DoH block + TLS pool tuning + github.io fronting

Wraps three already-merged PRs into a release:
- PR #763 (@yyoyoian-pixel): block_doh: true default; rejects browser DoH at SOCKS5 listener so it falls back to system DNS via tun2proxy virtual DNS instead of paying ~1.5s tunnel round-trip per name lookup. Also fixes the Android tunnel_doh config mismatch (was false on Android, true on Rust — silently broke bypass_doh_hosts).
- PR #751 (@yyoyoian-pixel): TLS pool refill loop keeping ≥8 ready connections, freshest-first acquire, pool TTL 45→60s, coalesce step 10→200ms (more conservative revert from v1.9.8 for full-mode batch packing).
- PR #747 (@Shjpr9): added github.io to Fastly fronting group example.

Tests: 179 lib + 35 tunnel-node green.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

docs/changelog/v1.9.11.md

@@ -0,0 +1,18 @@
+<!-- see docs/changelog/v1.1.0.md for the file format: Persian, then `---`, then English. -->
+• Block DoH by default (PR [#763](https://github.com/therealaleph/MasterHttpRelayVPN-RUST/pull/763) از @yyoyoian-pixel): مرورگرها روی DoH (chrome.cloudflare-dns.com، dns.google، …) به‌طور پیش‌فرض هر name lookup را از طریق tunnel می‌فرستند که ~۱.۵ثانیه overhead به هر page load اضافه می‌کنه. حالا با `block_doh: true` (پیش‌فرض)، CONNECTهای DoH فوراً rd می‌شن — مرورگر به system DNS fallback می‌کنه که `tun2proxy` با virtual DNS فوراً resolve می‌کنه. روی Android UI: Block DoH و Bypass DoH toggle در Advanced. Block over Bypass تقدم داره. همچنین fix bug Android: `tunnelDoh` در Android default `false` بود و در Rust `true`، باعث می‌شد config mismatch بشه و `bypass_doh_hosts` روی Android خاموش بمونه — اکنون default‌ها synced.
+• TLS connection pool tuning (PR [#751](https://github.com/therealaleph/MasterHttpRelayVPN-RUST/pull/751) از @yyoyoian-pixel):
+  - **Pool refill loop:** background task که دائماً ≥۸ connection ready نگه می‌داره، یکی یکی (نه burst) باز می‌کنه با ۵ ثانیه interval check
+  - **Freshest-first acquire:** به‌جای pop کردن آخرین entry، connection با بیشترین TTL باقی‌مانده انتخاب می‌شه
+  - **Pool TTL ۴۵→۶۰ ثانیه:** connection‌ها بیشتر زنده می‌مونن، churn کاهش
+  - **Coalesce step ۱۰→۲۰۰ms:** Full mode batch packing تنظیم — bottleneck dominant ~۱.۵s Apps Script round-trip است، 200ms wait نسبت به اون نامحسوس و ۳-۵× ops per batch بیشتر pack می‌کنه روی page load. (مقدار قبلی 10ms از v1.9.8 بود — این revert محافظه‌کارانه‌تر است.)
+• Fronting groups example: `github.io` به Fastly group اضافه شد (PR [#747](https://github.com/therealaleph/MasterHttpRelayVPN-RUST/pull/747) از @Shjpr9). GitHub Pages روی Fastly anycast `151.101.x.x` است.
+• تست: ۱۷۹ lib + ۳۵ tunnel-node test همه pass.
+---
+• Block DoH by default (PR [#763](https://github.com/therealaleph/MasterHttpRelayVPN-RUST/pull/763) from @yyoyoian-pixel): browsers' DoH (chrome.cloudflare-dns.com, dns.google, …) was sending every name lookup through the tunnel by default, adding ~1.5s overhead per page load. With `block_doh: true` (now default), DoH CONNECTs are rejected immediately — the browser falls back to system DNS, which `tun2proxy` resolves instantly via virtual DNS. Android UI: Block DoH and Bypass DoH toggles in Advanced settings; Block takes priority over Bypass. Also fixes an Android config bug where `tunnelDoh` defaulted to `false` Android-side but `true` in Rust — the field was never serialized so `bypass_doh_hosts` matching was silently broken on every fresh Android install. Defaults are now synced.
+• TLS connection pool tuning (PR [#751](https://github.com/therealaleph/MasterHttpRelayVPN-RUST/pull/751) from @yyoyoian-pixel):
+  - **Pool refill loop:** background task that maintains ≥8 ready connections, opening them one at a time (no burst) with a 5s interval check
+  - **Freshest-first acquire:** picks the connection with the most remaining TTL instead of popping whatever is on top
+  - **Pool TTL 45→60s:** connections live longer, less churn
+  - **Coalesce step 10→200ms:** Full mode batch packing; the dominant bottleneck is the ~1.5s Apps Script round-trip, so 200ms wait is negligible against it but packs 3–5× more ops per batch during page loads. (The previous 10ms value was the v1.9.8 default — this is a more conservative revert.)
+• Fronting groups example: added `github.io` to the Fastly group (PR [#747](https://github.com/therealaleph/MasterHttpRelayVPN-RUST/pull/747) from @Shjpr9). GitHub Pages is on the same Fastly anycast `151.101.x.x` as the other entries in that group.
+• Tests: 179 lib + 35 tunnel-node tests passing.