fn maybe_crash(phase: &str)Expand description
Test-only crash injection. When the MZ_DEPLOY_FAIL_AT environment variable
matches phase, abort the process immediately — no unwinding, no cleanup —
to faithfully simulate a crash at that boundary so promote’s resume paths can
be exercised end to end. Inert in normal use (the variable is never set).
Boundaries: after-markers (markers written, swap not committed → PreSwap),
after-swap (swap committed → PostSwap), after-post-swap (post-swap work
done, markers not yet cleaned up → PostSwap).