- clang-tidy enables the clang-analyzer-* group by default; in this
codebase it only yields false positives (intentional moved-from
asserts, a bitmask enum cast) and noise inside third-party boost
headers that HeaderFilterRegex does not filter
- prefix the check list with -* so only the explicitly curated checks run
- drop the broad `cppcoreguidelines-*` glob: it produced ~4500 findings
(magic numbers, non-private members, owning-memory, pointer arithmetic,
...) that are aspirational and out of scope for the warning gate
- drop modernize-use-equals-default: in this codebase it only yields
false/unsafe positives, e.g. `= default` on a constructor that
explicitly initializes atomic members (which default-init leaves
indeterminate in C++17), and invalid output on constructors with a
member-init list
- drop modernize-pass-by-value: it rewrites constructor parameters to
by-value + std::move, changing public constructor signatures, which is
an ABI-relevant change unsuitable for a library's public headers
- keep the deliberately-listed modernize/readability/performance checks
