TASK-068: tighten test gates and persist 35 unworked review findings

Adjust the body-residue integ test to force HTTP/1.1 (HTTP/2 stream
multiplexing would invalidate the keep-alive precondition) and gate the
headline assertion behind LT_ASSERT_EQ on connection_opened_count so a
fresh connection cannot produce a vacuously-passing result. Switch the
secure_zero DCE test's buffer to `volatile unsigned char[]` so the
optimizer cannot propagate the pre-zeroing sentinel directly into the
post-zeroing read (closes a real DCE loophole the prior sink-only
approach left open). Extend the nullptr-with-zero-size test with an
adjacent-sentinel guard so an accidental out-of-bounds write is caught.
Flip TASK-068 in M7 _index.md to Done, and persist the 35 unworked
review findings (0 critical, 2 major, 33 minor) from the final review
cycle for future follow-up tasks.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Author: etr

specs/tasks/M7-v2-cleanup/_index.md

@@ -32,7 +32,7 @@ TASK-093).
 | TASK-065 | RFC 5952 IPv6 zero-compression in `peer_address` | HIGH | S | Done |
 | TASK-066 | Runtime setter for hook alias slots | MED | M | Backlog |
 | TASK-067 | Remove v1 `registered_resources*` maps and `namespace compat` shim | MED | L | Done |
-| TASK-068 | `connection_state` hardening — CWE-226 / CWE-14 | MED | S | Backlog |
+| TASK-068 | `connection_state` hardening — CWE-226 / CWE-14 | MED | S | Done |
 | TASK-069 | Remove transitional two-arg `http_request_impl` constructor | MED | S | Backlog |
 | TASK-070 | Migrate `hook_table_` to `std::atomic<std::shared_ptr<T>>` | MED | M | Backlog |
 | TASK-071 | Wire `install_not_found_alias_` stub and remove dead `lambda_handler` arm | MED | S | Backlog |