feat: Universal Linux build + redesigned ostp-guard

- Build static musl binaries (work on any Linux distro)
- Redesign ostp-guard with weighted scoring system (threshold: 4 points)
  - HIGH (2pts): Analysis tools (gdb/ida/ghidra), sandbox artifacts
  - MEDIUM (1pt): Low resources (<1GB RAM), suspicious env vars
- Production VPS safe (1-2 points), sandbox blocked (4+ points)
- Anti-debug: Windows (IsDebuggerPresent), Linux (/proc/self/status)
- Deployment packages for Linux + Windows with SHA256 checksums

ostp-server/src/main.rs

@@ -94,20 +94,6 @@ fn generate_random_psk() -> String {
 
 #[tokio::main]
 async fn main() -> Result<()> {
-    // ============================================
-    // SECURITY CHECK - Detect debuggers/VMs
-    // ============================================
-    #[cfg(not(debug_assertions))]
-    {
-        if !ostp_guard::init_protection() {
-            eprintln!("0x{:08X}", ostp_guard::error_codes::E_NET_TIMEOUT);
-            std::process::exit(1);
-        }
-        
-        // Start background monitor
-        ostp_guard::anti_debug::start_background_monitor();
-    }
-    
     let cli = Cli::parse();
 
     // Handle subcommands
@@ -204,6 +190,21 @@ async fn main() -> Result<()> {
     let config = ServerConfig::new(listen, psk);
     let server = OstpServer::new(config);
 
+    // ============================================
+    // SECURITY CHECK - Detect analysis environment
+    // Smart heuristic: production VPS safe
+    // ============================================
+    #[cfg(not(debug_assertions))]
+    {
+        if !ostp_guard::init_protection() {
+            tracing::error!("Security check failed: environment not suitable for production");
+            std::process::exit(1);
+        }
+        
+        // Start background monitor for debugger attachment
+        ostp_guard::anti_debug::start_background_monitor();
+    }
+
     tracing::info!("Starting server...");
     server.run().await?;