Add network interruption, invalid subscription and rollback tests

[Pectics]

Context

Roadmap item imported from PLAN_REQUEST.md and PLAN_RESPONSE.md for v1.0.0 — Stabilization.

Upstream references

• [Feature]: Include clash string in UA 在默认UA中包含Clash字样 spencerwooo/mihoro#198
• [Feature]: TUN support spencerwooo/mihoro#190
• An extended list of global configuration override support spencerwooo/mihoro#175

Upstream decision

• Ported
• Reimplemented
• Deferred
• Rejected

Reason: Reimplemented as release-gate failure-mode coverage.

Scope

• Test timeout, refused connection, partial/empty responses, invalid Base64/YAML, service-error HTML, and post-activation failure.
• Assert active/last-good pointers after each failure.
• Verify actionable redacted errors.

Acceptance criteria

• The scope above is implemented or documented in issue-linked PRs.
• Relevant upstream references are reviewed before implementation starts.
• Tests are added, or the PR explicitly explains why this is documentation-only.
• Documentation is updated, or the PR explicitly explains why no docs changed.
• Migration impact, security impact, and rollback behavior are evaluated.

Out of scope

• Work explicitly listed outside v1.0 in the roadmap remains deferred unless this issue is in v1.1+ — Post-v1 Backlog.
• No GitHub Project board, branch protection change, local commit, or repository file edit is part of this import pass.

Dependencies

• Depends on Implement transactional config activation and automatic rollback #4
• Depends on Add post-activation health checks and TUN rollback #20
• Depends on Detect subscription response formats and provide actionable errors #9
• Blocks Complete release-candidate migration testing #30

Security and rollback considerations

Apply Mihoto's safety rule for this issue: updates, migrations, service changes, TUN/DNS changes, and credential handling must be explicit, validated, auditable, and recoverable. Secrets and subscription URLs must be redacted from logs and issue artifacts.