Rewrite vhost module as virtualhost with native blasthttp #2993
Open
liquidsec wants to merge 20 commits into blasthttp-integration-clean from
Brute-forces virtual hosts via HTTP Host headers and HTTPS SNI, with wildcard detection, canary consistency checks, keyword-based filtering, certificate SAN extraction, and mutation generation. Uses blasthttp resolve_ip for DNS pinning.
07dfd28 to fecac39
📊 Performance Benchmark Report
🎯 Performance Summary: 3 regressions ⚠️, 21 unchanged ✅
🐍 Python Version 3.11.15
Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## blasthttp-integration-clean #2993 +/- ##
=============================================================
- Coverage 91% 91% -0%
=============================================================
Files 443 442 -1
Lines 37927 38990 +1063
=============================================================
+ Hits 34316 35129 +813
- Misses 3611 3861 +250
Move compute_simhash off the process pool (run_in_executor_mp) onto the CPU thread pool (run_in_executor_cpu) via a new _response_similarity helper. Simhash work is short and inputs are truncated to ~3KB inside compute_simhash, so pickle/IPC overhead and broken-pool risk outweigh any parallelism win — and the recent 300s timeout on run_in_executor_mp was orphaning _test_virtualhost tasks with uncaught TimeoutError. Also remove stale 'CurlError'/'curl error' debug strings left over from the curl-helper removal.
… DictHostEvent compatibility
…lhost (vestigial name, no curl in body)
…http.mock
Rides on blasthttp 0.5.0's new httpx-style Response API
(status_code, text, content, headers as case-insensitive Headers,
cookies, raw_headers, hash, peer_ip, request, json(),
raise_for_status() raising HTTPStatusError) and the new
blasthttp.mock submodule.
Wrapper removal
---------------
Delete bbot/core/helpers/web/blast_response.py — its job (presenting
blasthttp's PyO3 Response with an httpx-shaped surface) is now done
natively by blasthttp.Response.
- WebHelper.request: returns the native blasthttp.Response instead
of wrapping. Same downstream surface.
- WebHelper.request_batch_stream: same — yields the native
blasthttp.Response.
- download() / raise_for_status: BlasthttpHTTPError → blasthttp.HTTPStatusError.
Mock migration
--------------
bbot/test/mock_blasthttp.py is now a thin wrapper over
blasthttp.mock.BlasthttpMock. The generic mock infrastructure
(handler queue with FIFO + recycle, URL/method/header/json
predicates, sync + async callbacks, batch streaming) lives upstream.
This module keeps the bbot-specific surface:
- handle_engine_request: WebHelper kwarg translation (auth tuple
→ Authorization header, cookies dict → Cookie header,
json/data body assembly, raise_error → engine-style error dict,
allow_redirects → follow_redirects).
- handle_batch_stream(real_client, ...): per-call real_client
splitting, since the WebHelper's blasthttp client isn't available
at fixture construction time.
`MockRequest`, `MockResponse`, `TimeoutException`, and the
`add_response` / `add_callback` / `should_intercept` API are all
re-exported / forwarded so the 68 module tests using them keep
working unchanged.
Module-level fixes for the new Headers API
------------------------------------------
The blasthttp.Headers class iterates as Python-dict-style keys
(httpx convention), not list-of-tuples. Three places in bbot
were unpacking headers as tuples:
- http.py: replaced manual raw_header build with
response.raw_headers (also lazy on the blasthttp side).
header_dict loop now uses .items().
- web_brute.py: location lookup uses .items().
- url_manipulation.py: subject_content now uses raw_headers
instead of stringifying the list of tuples.
diff.py compare_headers needed no special handling — blasthttp
0.5.0 registers Headers with collections.abc.MutableMapping so
DeepDiff recognizes it natively.
Pin
---
pyproject.toml: blasthttp dep bumped >=0.3.2 → >=0.5.0.
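The iteration difference described in the commit message above, as an added example (not code from bbot or blasthttp). `CIHeaders` is a hypothetical stand-in for a dict-style, case-insensitive headers object, and `header_pairs`, `find_location` and `tuple_style_unpack` are illustrative names; it shows that the old tuple-unpacking loop either raises or, for a two-character header name such as TE, silently misparses.

```python
from collections.abc import MutableMapping


class CIHeaders(MutableMapping):
    """Hypothetical stand-in: case-insensitive headers that iterate as keys."""

    def __init__(self, pairs):
        self._d = {}
        for name, value in pairs:
            self[name] = value

    def __getitem__(self, name):
        return self._d[name.lower()][1]

    def __setitem__(self, name, value):
        self._d[name.lower()] = (name, value)

    def __delitem__(self, name):
        del self._d[name.lower()]

    def __iter__(self):
        # Dict-style iteration: yields header names only, never (name, value).
        return (orig for orig, _ in self._d.values())

    def __len__(self):
        return len(self._d)


def tuple_style_unpack(headers):
    """The old pattern: treat every iterated element as a (name, value) pair."""
    return [(name, value) for name, value in headers]


def header_pairs(headers):
    """Return (name, value) pairs from a mapping or from a list of tuples."""
    if hasattr(headers, "items"):
        return list(headers.items())
    return [(name, value) for name, value in headers]


def find_location(headers):
    """Case-insensitive Location lookup that works for both header shapes."""
    for name, value in header_pairs(headers):
        if name.lower() == "location":
            return value
    return None
```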
resolved_hosts can include CNAME targets (hostnames) alongside A/AAAA records, so the previous code emitted hostnames in the VIRTUAL_HOST event's 'ip' field. Filter to actual IPs at the probe-candidate sites, and use blasthttp's response.peer_ip (with host_ip fallback) for the emitted ip — that's the ground-truth IP the response came from.
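An added sketch of the filtering described in the commit message above (not the module's own code). `probe_candidates` and `emitted_ip` are hypothetical names, and the sample addresses in the comments are constructed from documentation ranges.

```python
import ipaddress


def is_ip(value):
    """True only for a string that parses as an IPv4 or IPv6 literal."""
    if not isinstance(value, str):
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def _sort_key(ip_text):
    ip = ipaddress.ip_address(ip_text)
    return (ip.version, int(ip))


def probe_candidates(resolved_hosts):
    """Drop CNAME targets (hostnames); keep normalized, de-duplicated IPs."""
    ips = {str(ipaddress.ip_address(h)) for h in resolved_hosts if is_ip(h)}
    return sorted(ips, key=_sort_key)


def emitted_ip(peer_ip, host_ip):
    """Prefer the address the response came from; fall back to the probed IP.

    Returns None rather than a hostname if neither value is an IP literal.
    """
    for candidate in (peer_ip, host_ip):
        if is_ip(candidate):
            return str(ipaddress.ip_address(candidate))
    return None


# Constructed sample: A/AAAA results mixed with a CNAME target, e.g.
# {"203.0.113.10", "cdn.example.net", "2001:0DB8::0001", "2001:db8::1"}
```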
Summary
Complete rewrite of the vhost module (now renamed to virtualhost). The old module was a thin wrapper around the ffuf Go binary for Host header fuzzing. The new module is a native Python implementation using blasthttp for all HTTP requests, with significantly expanded detection capabilities.
Requires #2992 (blasthttp integration). Supersedes #2672.
What changed from the old vhost module
Architecture:
- self.helpers.request() with resolve_ip for DNS pinning
- cert_info for certificate SAN extraction
New detection capabilities:
Event changes:
Renamed: vhost -> virtualhost, VHOST -> VIRTUAL_HOST, deadly flag removed