v0.3.0: SOCKS5 listener + smart TLS/HTTP/plain-TCP dispatch

Ports the SOCKS5 + fallback-chain design from @masterking32's
MasterHTTP-WithSOCKS branch so xray / Telegram / app-level TCP
clients work through this proxy.

Changes:
- New SOCKS5 listener on listen_port+1 (configurable via socks5_port)
  - RFC 1928 CONNECT handshake (v5, no-auth, ATYP IPv4/domain/IPv6)
  - Shared smart dispatch with the HTTP-CONNECT path
- Unified dispatch_tunnel() used by both CONNECT entry points:
  1. If host matches SNI-rewrite suffix or hosts override: go direct
     to google_ip via the MITM+TLS tunnel (fast path for google.com,
     youtube, etc.)
  2. Peek the first byte (300ms timeout for server-first protocols):
     - 0x16: TLS client hello -> MITM + relay via Apps Script (scheme=https)
     - HTTP method signature: HTTP relay via Apps Script (scheme=http)
     - Anything else or timeout: plain TCP passthrough to the target
- handle_mitm_request() now takes a scheme arg (http/https) so the
  same code path handles both MITM'd HTTPS and port-80 plain HTTP
- New plain_tcp_passthrough helper: bidirectional TCP bridge used as
  the final fallback (covers MTProto / raw TCP / server-first protos)

Config:
- Added optional socks5_port field; defaults to listen_port+1

README:
- Added browser vs xray/Telegram instructions under 'Step 6'

Live-tested: HTTP proxy, HTTP proxy -> HTTPS, SOCKS5 -> HTTP,
SOCKS5 -> HTTPS, Google search via SNI-tunnel (now returns full
JS page) all pass.

config.example.json

@@ -6,6 +6,7 @@
   "auth_key": "CHANGE_ME_TO_A_STRONG_SECRET",
   "listen_host": "127.0.0.1",
   "listen_port": 8085,
+  "socks5_port": 8086,
   "log_level": "info",
   "verify_ssl": true,
   "hosts": {}