Harden checker and warmup behavior #24

Open
josusanmartin wants to merge 1 commit into gpu-mode:master from josusanmartin:security-report-memory-signature-bypass

Conversation

@josusanmartin josusanmartin commented Mar 8, 2026

Summary

This PR adds a small set of hardening changes related to issue #23.

Related issue: #23 (pygpubench Signature Authentication Bypass)

Changes in this PR

  • remove the NaN wildcard in csrc/check.cu so malformed expected outputs fail closed
  • release Python-held expected-output tuples before importing untrusted user code
  • randomize warmup input selection instead of always warming on a fixed case

Why this is not a full fix

These changes reduce attack surface, but they do not fully resolve the architectural problem described in #23.

The stronger follow-up fix is still to redesign result authentication / validation so the worker process cannot forge accepted benchmark output from inside the same address space.

@josusanmartin josusanmartin force-pushed the security-report-memory-signature-bypass branch from 1d62323 to f237fa0 on March 8, 2026 02:38
@josusanmartin josusanmartin changed the title from "Add security review for in-process result authentication" to "Add security review and initial hardening for in-process result authentication" on Mar 8, 2026
@josusanmartin josusanmartin (Author) commented

Linking this PR to #23.

Maintainer note: the code changes here are intended as interim hardening, not a complete fix for the signature/authentication issue.

What this PR helps with immediately:

  • malformed expected outputs no longer fail open via NaN wildcard behavior
  • Python-held expected tuples are released before importing untrusted user code
  • warmup behavior is less predictable

What still needs a follow-up design change:

  • the worker process should not be able to recover or meaningfully use result-authentication state from inside the same address space
  • the stronger fix is to move result authentication / validation across a trusted boundary rather than rely on secrets that live in the worker process
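Added example, not code from the gpu-mode repository or from this PR: the "NaN wildcard" bullets in the PR description and in the comment above describe a checker that fails open when the expected output is malformed. The block below is a hypothetical elementwise tolerance checker in plain C (not the project's csrc/check.cu, whose actual logic is not shown on this page); the function names, the sample arrays and the tolerance are assumptions. It shows why a NaN in the reference array acts as a wildcard in a "reject if the error is too large" comparison, and the fail-closed form that rejects malformed references and NaN outputs alike.

```c
#include <math.h>
#include <stddef.h>
#include <stdio.h>

/* Fail-open variant (hypothetical). The reject condition is written as
 * "error > tol". Every ordered comparison involving NaN is false, so a
 * NaN in expected[] can never reach the reject branch: that element
 * accepts any output, and a NaN output slips through the same way. */
int check_fail_open(const float *out, const float *expected, size_t n, float tol) {
    for (size_t i = 0; i < n; i++) {
        if (fabsf(out[i] - expected[i]) > tol) return 0;
    }
    return 1;
}

/* Fail-closed variant (hypothetical). A NaN in the reference is treated
 * as a malformed expected output and rejected up front, and the accept
 * condition is stated positively ("error <= tol"), so an unordered
 * comparison (NaN in the output) counts as a mismatch, not a pass. */
int check_fail_closed(const float *out, const float *expected, size_t n, float tol) {
    for (size_t i = 0; i < n; i++) {
        if (isnan(expected[i])) return 0;                      /* malformed reference */
        if (!(fabsf(out[i] - expected[i]) <= tol)) return 0;   /* mismatch or NaN output */
    }
    return 1;
}

/* Constructed sample data for the demonstration. */
static const size_t kN = 3;
static const float kRef[]        = { 1.0f, 2.0f, 3.0f };   /* well-formed reference  */
static const float kRefWithNan[] = { 1.0f, NAN,  3.0f };   /* malformed reference    */
static const float kOutWrongMid[] = { 1.0f, -7.0f, 3.0f }; /* wrong only where ref is NaN */
static const float kOutNanMid[]   = { 1.0f, NAN,  3.0f };  /* NaN produced by the kernel  */
static const float kTol = 1e-3f;

int main(void) {
    printf("fail-open, NaN reference, wrong middle value:   %d (1 = accepted)\n",
           check_fail_open(kOutWrongMid, kRefWithNan, kN, kTol));
    printf("fail-closed, NaN reference, wrong middle value: %d\n",
           check_fail_closed(kOutWrongMid, kRefWithNan, kN, kTol));
    printf("fail-open, good reference, NaN output:          %d\n",
           check_fail_open(kOutNanMid, kRef, kN, kTol));
    printf("fail-closed, good reference, NaN output:        %d\n",
           check_fail_closed(kOutNanMid, kRef, kN, kTol));
    printf("fail-closed, good reference, exact output:      %d\n",
           check_fail_closed(kRef, kRef, kN, kTol));
    return 0;
}
```

The first call is the wildcard: the fail-open checker accepts -7.0 against a NaN reference because `fabsf(NaN) > tol` is false. The fail-closed checker rejects that case and also rejects a NaN produced by the kernel against a good reference, while still accepting an exact match.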

@josusanmartin josusanmartin force-pushed the security-report-memory-signature-bypass branch from f237fa0 to 908e6af on March 8, 2026 02:41
@josusanmartin josusanmartin changed the title from "Add security review and initial hardening for in-process result authentication" to "Harden checker and warmup behavior" on Mar 8, 2026