fed-sx-m1: Step 3c.b gen_server-mediated concurrent appends — next/kernel/log_server.erl + 15/15 log_server tests

`next/kernel/log_server.erl` (behaviour gen_server) wraps the pure Step 3c.a `log` substrate behind a per-actor process so
concurrent writers serialise through `gen_server:call` instead of racing on the disk segment writer.

API mirrors the pure log substrate:
  start_link(ActorId, BasePath)        -> Pid
  start_link(ActorId, BasePath, Opts)  -> Pid     %% Opts forwarded to log:open_disk/3
  append(Pid, Activity)                -> {ok, Seq}
  tip(Pid)                             -> Seq
  entries(Pid)                         -> [Activity, ...]
  replay(Pid, InitAcc, Fun)            -> Acc
  segments(Pid)                        -> [SegLen, ...]
  stop(Pid)                            -> ok

Per the port's gen_server convention, `gen_server:start_link/2` returns a raw Pid (not `{ok, Pid}`); the API takes the Pid
directly so multiple per-actor servers coexist without a registered-name collision.

`init/1` dispatches on the Opts arg to call either `log:open_disk/2` (default 1 GiB threshold = effectively no rotation) or
`log:open_disk/3` (opt-in `{segment_size, N}`). `handle_call/3` translates each public op to the corresponding pure log call
and threads the new state through.

New `next/tests/log_server.sh` (15 cases):
- API smoke: start_link returns a Pid, single append+tip+entries round-trip, replay/3 chronological, segments visible
  through the wrapper, rotation through wrapper with opt-in `{segment_size, 16}`, stop returns ok.
- Five concurrent-writer tests, each: spawn N=3 writers, each firing M=2 appends of `{I, J}`, parent waits on N `{done,_}`
  messages via a Y-combinator-shaped receive loop. Assertions cover (a) tip = N*M, (b) length(entries) = N*M, (c) every
  `{I, J}` pair appears exactly once via `lists:all/2` membership (no losses, no dupes), (d) reopening from disk via
  `log:open_disk/2` reproduces a byte-equal entries list, (e) every writer's index appears in the entries list
  (interleaving witnessed).

Erlang-port gotchas worked around this iteration:
(a) Named recursive fun `fun WaitFn(0) -> ok; WaitFn(K) -> ... end` errors as "fun-ref syntax not yet supported" — rewritten
    as `fun (_, 0) -> ok; (Self, K) -> ... Self(Self, K - 1) end` then called as `Wait(Wait, N)`.
(b) `lists:foreach/2` isn't registered (only `lists:map/2`) — use `lists:map/2` and discard the result list when running
    side-effecting closures.
(c) gen_server message round-trip in this interpreter is ~2s per call, so concurrent N*M was tuned to 6 (`N=3, M=2`) to
    keep the whole 15-test suite under 60s wall clock; the test's correctness assertions don't depend on N*M magnitude.

Erlang conformance **761/761** unchanged (log_server.erl is in next/, not lib/erlang/). Step 3c (both .a and .b) now
fully ticked in plans/fed-sx-milestone-1.md.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

next/kernel/log_server.erl

@@ -0,0 +1,85 @@
+-module(log_server).
+-behaviour(gen_server).
+-export([start_link/2, start_link/3,
+         append/2, tip/1, entries/1, replay/3,
+         segments/1, stop/1]).
+-export([init/1, handle_call/3, handle_cast/2, handle_info/2]).
+
+%% Step 3c.b — gen_server in front of `log` that owns a single
+%% per-actor disk-backed log state and serialises concurrent
+%% appenders through `gen_server:call`.
+%%
+%% Architecture: the pure `log` module from Step 3c.a remains the
+%% canonical substrate (open_disk, append, tip, replay, entries,
+%% segments). This wrapper owns one log state per process; every
+%% public op (append/tip/entries/replay/segments) routes through
+%% gen_server:call so that the on-disk segment writer sees one
+%% append at a time, regardless of how many writer processes are
+%% pushing concurrently.
+%%
+%% Port notes carried from Step 5b's registry_server:
+%%   * `gen_server:start_link/2` returns the raw Pid, not `{ok,Pid}`.
+%%   * Spawned processes don't survive across separate
+%%     `erlang-eval-ast` invocations — every concurrency test has
+%%     to start the server, spin writers, join them, and assert all
+%%     within one eval expression.
+%%
+%% API takes the server Pid (not a registered name) so multiple
+%% per-actor servers can coexist without colliding on the registry.
+
+%% --- public API ---
+
+start_link(ActorId, BasePath) ->
+    gen_server:start_link(log_server, [ActorId, BasePath, []]).
+
+start_link(ActorId, BasePath, Opts) ->
+    gen_server:start_link(log_server, [ActorId, BasePath, Opts]).
+
+append(Pid, Activity) ->
+    gen_server:call(Pid, {append, Activity}).
+
+tip(Pid) ->
+    gen_server:call(Pid, tip).
+
+entries(Pid) ->
+    gen_server:call(Pid, entries).
+
+replay(Pid, InitAcc, Fun) ->
+    %% The fold runs server-side so the state stays consistent
+    %% with concurrent writers; the caller's Fun is closed over
+    %% the message and shipped opaque through gen_server:call.
+    gen_server:call(Pid, {replay, InitAcc, Fun}).
+
+segments(Pid) ->
+    gen_server:call(Pid, segments).
+
+stop(Pid) ->
+    gen_server:call(Pid, '$gen_stop').
+
+%% --- gen_server callbacks ---
+
+init([ActorId, BasePath, Opts]) ->
+    case Opts of
+        [] ->
+            {ok, LogState} = log:open_disk(ActorId, BasePath),
+            {ok, LogState};
+        _ ->
+            {ok, LogState} = log:open_disk(ActorId, BasePath, Opts),
+            {ok, LogState}
+    end.
+
+handle_call({append, Activity}, _From, State) ->
+    {ok, NewState, Seq} = log:append(State, Activity),
+    {reply, {ok, Seq}, NewState};
+handle_call(tip, _From, State) ->
+    {reply, log:tip(State), State};
+handle_call(entries, _From, State) ->
+    {reply, log:entries(State), State};
+handle_call({replay, InitAcc, Fun}, _From, State) ->
+    {reply, log:replay(State, InitAcc, Fun), State};
+handle_call(segments, _From, State) ->
+    {reply, log:segments(State), State}.
+
+handle_cast(_, S) -> {noreply, S}.
+
+handle_info(_, S) -> {noreply, S}.