fix: close Zee R2 review (LEP-6-foundation PR #117) — 24/24 findings resolved

[j-rafique]

This commit closes ALL 24 findings from Zee's round-2 production-gate review of PR #117 (review id 4184561676, against tip 868cbc7).

HIGH (4/4):

• NEW-C-3: restore RegistrationFeeShareBps 2% fee-routing block in x/action/keeper.DistributeFees that LEP-6 consolidation silently deleted. Re-add RewardDistributionKeeper interface, keeper field, ctor arg, depinject wiring; routing precedes foundation share (matches master).
• NEW-C-1: ExportGenesis now round-trips 8 epoch-scoped audit-state prefix families (st/rce, st/nf, st/rrs, st/spt, st/fh, r/, hr/, sc/). Adds proto wrapper messages, GetAll* iterators, InitGenesis re-emits via existing Set* writers (secondary indexes rebuild naturally).
• NEW-A-12 + NEW-A-17: WindowStartEpoch underflow at scoring window resets. Replace raw uint64 subtraction with epochDelta() at storage_truth_scoring.go:256/332. ValidateScoreStatesGenesis rejects WindowStartEpoch > currentEpoch on both score-state slices.
• NEW-B-1: EXPIRED heal-ops now apply §20 no-show cooldown (DeteriorationScore += 15, ProbationUntilEpoch advanced) and write st/fh/ failed-heal facts, mirroring the FAILED branch. Prevents same-ticket re-schedule loop on silent-healer scenarios.

MEDIUM (9/9):

• NEW-C-2: FinalizeAction audit hook now uses CascadeArtifactCountsWithFallback helper (single source of truth across Process, GetUpdatedMetadata, FinalizeAction).
• NEW-A-11 residue: bounded epoch-range scans for storageTruthReporterDivergenceStats and distinctNodeFailedTickets via NodeStorageTruthFailureEpochScanRange and ReporterStorageTruthResultEpochScanRange (key shape unchanged).
• NEW-A-13: divergence cross-multiply uses big.Int (overflow-safe).
• NEW-A-14 + NEW-A-15: trust multiplier limited to Class A pre-recheck (HASH_MISMATCH OR INDEX-artifact); pattern-escalation bonuses no longer scaled (Class B/C natural-fix once predicate narrowed).
• NEW-A-18: per-result PASS/TIMEOUT reporterReliability delta = 0; ApplyReporterCleanEpochRecoveryAtEpochEnd applies single -4 once at epoch-end on >=5 PASS with no overturned fails (spec §15.3).
• NEW-B-2: healer-eligibility uses decayTowardZero(SuspicionScore, ...) matching enforcement.go sibling-symmetry.
• NEW-B-8: finalizeHealOp verified branch resets DistinctHolderFailureCount, RecentFailureEpochCount, LastIndexFailureEpoch, LastFailureEpoch to restore §20 fresh-start semantic post-heal.
• F121-F12: distinct postpone reason 'audit_storage_truth_strong_suspicion' for the strong band + new param StorageTruthStrongRecoveryCleanPassCount (default 5) + ap/sts/ strong-marker store key. Recovery selects the required pass count based on the persisted reason.
• F121-F10/F119-F3: ticket ContradictionCount bumps now confirmation-guarded via contradictionConfirmed bool param (mirrors reporter-side guard).

LOW (11/11):

• NEW-A-15, NEW-A-17: auto-closed by NEW-A-14 / NEW-A-12 fixes.
• NEW-A-16: median-of-even uses upper-pair (more conservative).
• NEW-B-3: verifierCount promoted to StorageTruthHealVerifierCount param (default 2). Allows governance tuning per network conditions.
• NEW-B-4: emit EventTypeHealOpInsufficientVerifiers when verifier pool is empty (sibling-symmetry with InsufficientHealers).
• NEW-B-5: linkStorageTruthRecheckTranscript carries doc comment clarifying per-creator single-witness uniqueness at link time vs cross-creator quorum at scoring time.
• NEW-B-6 + NEW-B-9: InitGenesis cross-validates audit StorageTruthPostponements against supernode SuperNodeStatePostponed; rejects mismatched state with descriptive error.
• NEW-B-7: GetNextHealOpID panic-guards on malformed state and id==0 (sibling-symmetry with GetNextEvidenceID).
• NEW-C-4 / NEW-A-19: pruneStorageProofTranscripts logs malformed records via k.Logger().Error() so silent corruption is observable.
• F119-F3 residue: cross-holder PASS bonus implemented in applyTicketDeteriorationDelta — when PASS lands on a ticket whose prior-holder state recorded a failure from a DIFFERENT holder, an additional -3 ticket-deterioration delta is applied on top of the base bucket reduction. Predicate: result.ResultClass == PASS AND prior state.LastTargetSupernodeAccount != result.TargetSupernodeAccount AND isStorageTruthFailureClass(state.LastResultClass). Tests cover cross-holder (-5 total), same-holder (-2 only), fresh-ticket (no-op), and prior-PASS (no bonus) cases.
• NF7: workspace/docs/LEP6.md pair_rank wording updated to canonical 0x00-framed form (matches in-repo implementation guide).

Tests:

• Build clean. ./x/... unit green. Module-level simulation green. ./tests/integration/... (audit, action, everlight, bank, staking, wasm, supernode, gov) green. ./tests/system/... (-tags=system) green. Systemtests vet (-tags=system_test) clean. e2e systemtests (-tags=system_test, 30min cap) green: 25/25 PASS.
• New unit tests covering: fee-routing, genesis round-trip, window safety, expire cooldown, decay-adjusted heal eligibility, panic guards on malformed counter state, genesis cross-validation, clean-epoch recovery, scoring delta zero (PASS/TIMEOUT per-result), F119-F3 cross-holder PASS bonus (4 sub-tests).
• Fixture updates per CP-policy with explicit 'Per ' citations.

Verification artefacts: /tmp/lep6-r2-fix/.r2/track{1..4}_*.md
Plan: docs/plans/LEP6_REVIEW_R2_FIX_PLAN.md