Audit and tighten broad except Exception: blocks in the audit path #389

@franconicola

Description

Problem. ~235 except Exception: occurrences across the package. Many are in code paths that produce compliance-relevant audit artifacts (tracking decorators, router dispatch, evaluator). A crashed tracking step today is invisible to the user, so a "no findings" run cannot be trusted.

Hot spots (start here):

Actions.

  • Inventory every except Exception in the package (rg -n 'except Exception' hackagent/).
  • Classify each: (a) replace with a specific exception type, (b) keep broad but log with exc_info=True and re-raise, or (c) keep broad but record a structured {step, status: "failed", error} entry in the run so the user sees it.
  • Add a unit test that injects a tracking-side exception and asserts the run output reflects it.
  • Document the policy in CONTRIBUTING.md ("never silently swallow in audit-bearing code").

Acceptance: zero silent swallowers remain in router/tracking/, attacks/orchestrator.py, attacks/evaluator/. A failing tracking step appears in the run record with a clear status.
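
One way to implement classification options (b) and (c) and the injected-failure check from the actions above. This is an added example, not code from the hackagent package; `RunRecord`, `tracked`, `demo_run` and the step names are hypothetical.

```python
import functools
import logging

logger = logging.getLogger("audit_example")

class RunRecord:
    """Hypothetical run record: one structured entry per tracked step."""
    def __init__(self):
        self.steps = []

    def add(self, step, status, error=None):
        self.steps.append({"step": step, "status": status, "error": error})

    @property
    def trustworthy(self):
        # A "no findings" result only counts if every tracked step succeeded.
        return all(s["status"] == "ok" for s in self.steps)

def tracked(step, run, reraise=False):
    """Wrap an audit-bearing step so a failure is never silently swallowed."""
    def decorator(func):
        @functools.wraps(func)
        def wrapper(*args, **kwargs):
            try:
                result = func(*args, **kwargs)
            except Exception as exc:  # broad on purpose, but never silent
                logger.error("step %r failed", step, exc_info=True)
                run.add(step, "failed", f"{type(exc).__name__}: {exc}")
                if reraise:
                    raise  # option (b): log and re-raise
                return None  # option (c): continue, failure is in the record
            run.add(step, "ok")
            return result
        return wrapper
    return decorator

def demo_run():
    """Constructed sample: one healthy step, one injected tracking failure."""
    run = RunRecord()

    @tracked("evaluate", run)
    def evaluate():
        return []  # no findings

    @tracked("persist_trace", run)
    def persist_trace():
        raise ConnectionError("tracking backend unreachable")
    findings = evaluate()
    persist_trace()
    return findings, run
```

With the failed entry in the record, an empty findings list from `demo_run()` is distinguishable from a clean run because `run.trustworthy` is false.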

Labels: bug
