docs: factual audit + reference sync — 260 findings corrected

Parallel 6-agent audit against official Anthropic docs (llms-full.txt).
Key corrections applied across permissions, hooks, MCP, security, privacy, reference.yaml.

Highlights:
- Fix MCP config path (~/.claude.json), mcpServers key, variable substitution syntax
- Fix permission modes (5 not 3), :* syntax (×6), Stop event description
- Fix hook JSON field names (hook_event_name, tool_name, tool_input, session_id)
- Fix filesystem restriction docs (permission rules, not settings.json keys)
- Fix data-privacy: 4-tier retention, /bug 5yr warning, ZDR conditions, 5 telemetry opt-out vars
- Add official llms.txt/llms-full.txt references to CLAUDE.md + machine-readable/llms.txt
- Reference.yaml: 375 entries re-synced (92% had wrong line numbers — guide grew 15K→21K lines)
- New script: scripts/resync-reference-yaml.py for automated line number sync
- Quiz: corrected answers for hooks (07), memory settings (03), MCP servers (08)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

guide/visual-reference.md

@@ -309,7 +309,7 @@ How a malicious MCP server can exploit the one-time approval model:
 ┌─────────────────────────────────────────────────────────────┐
 │  1. Attacker publishes benign MCP "code-formatter"          │
 │                         ↓                                    │
-│  2. User adds to ~/.claude/mcp.json, approves once          │
+│  2. User adds to ~/.claude.json, approves once               │
 │                         ↓                                    │
 │  3. MCP works normally for 2 weeks (builds trust)           │
 │                         ↓                                    │