Set a sensible default HTTP timeout in HackAgent

[franconicola]

Problem. HackAgent.init() accepts timeout: Optional[float] = None. A None propagates to AuthenticatedClient and ultimately to httpx, which can hang on a misbehaving endpoint.

Actions.

• Change the default to 120.0 (or document a tuned default per backend type).
• Update the docstring's timeout description to state the new default.
• Add a unit test that the client receives the configured timeout.
• Note in CHANGELOG.md — this is user-observable behavior.

Files: hackagent/agent.py:65, hackagent/server/client.py.

Acceptance: an unreachable endpoint fails within ~120 s by default; users can still pass timeout=None explicitly to opt out.