fix: add reCAPTCHA v3 detection to navigate response

[LuminDev]

Summary

Detect invisible Google reCAPTCHA v3 (score-based) on pages. Unlike v2 (visible checkbox widget, already handled by CDN block detection), v3 has no visual feedback — form submissions are silently rejected when the headless browser scores too low. This adds detection so users are warned.

Changes

• recaptcha_detected field on FetchedPage struct — surfaced in MCP navigate response
• looks_like_recaptcha_v3() — checks HTML for Google reCAPTCHA CDN scripts (www.google.com/recaptcha/api.js / www.gstatic.com/recaptcha/releases/), excludes v2 visible widgets
• Detection runs on both HTTP fetch and browser escalation paths
• 5 unit tests covering positive detection, negative, v2 overlap, case insensitivity

E2E Verification

• ✅ DoraHacks login page (recaptcha_detected: true) — the page from the issue
• ✅ example.com (false)
• ✅ github.com (false)
• ✅ Wikipedia (false)

Test Results

cargo test -p browser -- recaptcha  → 5/5 passed
cargo test -p browser               → 161 passed, 0 failed
cargo test -p agent -- navigate      → 31 passed, 0 failed
cargo build --release                → success

Closes #48

[Mingye-Lu]

Closing in favor of a cleaner approach. The core design of adding recaptcha_detected: bool to FetchedPage doesn't scale — every new anti-bot service would require a new struct field and new JSON key. A follow-up PR will instead surface reCAPTCHA v3 silent rejections as a ToolExecutionError that routes through the existing FailureCategory::CaptchaDetected infrastructure, keeping the API surface clean and the behavior consistent with how all other CAPTCHA challenges are handled.