Public-flip audit: scrub audit-ticket prefixes + LAN refs + tighten README

URLs → git.sulkta.com. Audit-ticket prefixes (SPEC §N, audit Track X, vc=N
audit-fix, FIX (audit ...), PORT DEVIATION) stripped from comments — technical
reasoning retained. Crafting-table LAN refs softened to 'Sulkta build host'.
README sheds marketing scaffolding + stale status tables.

strawApp/src/main/res/xml/file_paths.xml

@@ -4,7 +4,7 @@
          Narrowed to a `logs/` subdir of cacheDir (was the entire
          cacheDir) so a future bug that builds an attacker-influenced
          FileProvider URI can't reach SettingsImport workdirs or
-         other cache state. vc=37 round-3 audit CVE MED-5. -->
+         other cache state. -->
     <cache-path name="logs" path="logs/" />
 
     <!-- Completed downloads. Downloader uses