feat(epon): F-MDCONU3A — add CLI permission bypass, full command reference, firmware flash protocol

Adds extensive reverse-engineering findings for the Free/Iliad F-MDCONU3A
(BCM55030 10G-EPON ONU) from static analysis of the v3.2.9 firmware binary:

- CLI permission system: pl built-in command bypasses all permission checks,
  pl omega gives full manufacturing access (level 2) from default UART shell
- Complete CLI command tree at all 3 permission levels with inline descriptions
  (level 0: ~60 cmds, level 1: +20, level 2: +25)
- Full CLI command reference: syntax, arguments, and descriptions for every
  command, organized by category (system, EPON/MAC, MPCP, memory, stats,
  firmware/flash, FDS, alarms/debug, multicast, SerDes, MACsec)
- PON speed mode encoding table (1G/1G, 2G/1G, 10G/1G, 10G/10G)
- Firmware flash protocol (load/rx): raw binary transfer over UART at
  57600 baud, TKF container format with trailing CRC32
- Hardware architecture details: Harvard ARC (ICCM/DCCM), firmware structure,
  FDS personality records
- Expanded flash memory map with all 5 regions including FDS/Config
- Filled in missing hardware specs (bootloader, system, load addr, RAM, chipset)
- Corrected mcast/ command tree (domains/groups/sources/reporters don't exist
  in the v3.2.9 binary — only igmpinfo and igmpsources are confirmed)
- Added serdesTestInit and serdesRx to level 0 serdes/ tree

All findings from Ghidra static analysis (2697 functions named).
No proprietary documentation was used.

Author: abeljouve