ERR/E1.4a: standalone try sema + pure-failable propagation + named widening

`try f()` (standalone form) now propagates a failable callee's error to the
enclosing failable function. E1.4 was split: E1.4a = standalone try (failure
target = function-propagation); E1.4b = fallback-target routing +
failable-`or` + whole-program SCC for inferred sets + empty-inferred warning.

- lowerExpr: `.try_expr` -> lowerTry
- lowerTry: (1) try legal only inside a failable fn; (2) the sole
  failable-operand check (errorChannelOf(inferExprType(operand))); (3)
  named-caller widening (checkErrorSetSubset at the propagation site); (4)
  pure-failable lowering — condBr on tag != 0: propagate (run defers + ret
  the widened tag) vs continue on success
- inferExprType: `.try_expr` arm (success type: void for pure-failable)
- lowerBinaryOp .or_op: bail loudly on a failable LHS (exprIsFailable);
  the optional-`or` path is unchanged for non-failable LHS
- value-carrying callee/caller `try` bail loudly (pending E2's tuple ABI)

Tests: examples/221-try.sx (positive propagation, exit 5),
examples/222-try-rejections.sx (3 stable rejections: outside-failable,
non-failable operand, named-widening miss; exit 1). Gates: zig build,
zig build test, 260/260 examples.

examples/221-try.sx

@@ -0,0 +1,32 @@
+// First runnable `try` (ERR step E1.4a). The STANDALONE form: a failable
+// expression whose failure propagates to the enclosing function's error
+// return (Zig-style). `outer` calls `try inner(n)` — on `inner`'s failure
+// `outer` returns that error; on success it continues. Both are pure
+// failable (`-> !E`). The error-channel tuple ABI for value-carrying
+// `-> (T, !)` and `try` in an `or` chain land in ERR E1.4b/E2.
+
+#import "modules/std.sx";
+
+E :: error { Bad, Worse }
+
+inner :: (n: s32) -> !E {
+    if n < 0 { raise error.Bad; }
+    return;                              // success — no error
+}
+
+// Propagates inner's error (standalone `try`, target = function return).
+outer :: (n: s32) -> !E {
+    try inner(n);
+    return;
+}
+
+main :: () -> s32 {
+    bad  := outer(-1);                   // inner raises Bad -> outer propagates
+    good := outer(7);                    // inner succeeds   -> outer succeeds
+    r : s32 = 0;
+    if bad  == error.Bad   { r = r + 5; }    // true  -> +5
+    if good == error.Bad   { r = r + 1; }     // false (success = no error)
+    if bad  == error.Worse { r = r + 2; }     // false (propagated Bad)
+    print("try result: {}\n", r);             // -> 5
+    return r;
+}

examples/222-try-rejections.sx

@@ -0,0 +1,41 @@
+// `try` rejections (ERR step E1.4a):
+//   - `try` is only valid inside a failable function,
+//   - the operand must be failable (the sole failable-operand check —
+//     the parser imposes none),
+//   - propagating a `try` whose callee's error set is not a subset of the
+//     caller's named set is rejected (widening at a function-propagation site).
+// The positive case lives in `examples/221-try.sx`.
+
+#import "modules/std.sx";
+
+A :: error { Xa }
+B :: error { Yb }
+
+ga    :: () -> !A  { return; }
+gb    :: () -> !B  { return; }
+plain :: () -> s32 { return 0; }
+
+// `try` in a non-failable function.
+bad_ctx :: () -> s32 {
+    try ga();                  // error: `try` outside a failable function
+    return 0;
+}
+
+// `try` on a non-failable operand.
+bad_operand :: () -> !A {
+    try plain();               // error: operand has type s32 (not failable)
+    return;
+}
+
+// Callee's set (B = {Yb}) is not a subset of the caller's set (A = {Xa}).
+widen :: () -> !A {
+    try gb();                  // error: Yb not in caller's error set A
+    return;
+}
+
+main :: () -> s32 {
+    a := bad_ctx();            // force bad_ctx to lower
+    b := bad_operand();        // force bad_operand to lower
+    c := widen();              // force widen to lower
+    return 0;
+}