fix: move payload init out of DllMain to avoid loader lock deadlock

RcxPayloadInit() is now an exported function called after LoadLibrary
returns. DllMain only handles cleanup on detach. Timer queue creation
under the loader lock was crashing target processes.

plugins/RemoteProcessMemory/tests/test_rpc_host.cpp

@@ -125,6 +125,15 @@ int main(int, char**)
                 plPath, GetLastError());
         return 1;
     }
+
+    /* Call RcxPayloadInit() — DllMain is minimal, init must be explicit */
+    typedef bool (*RcxPayloadInitFn)();
+    auto pfnInit = (RcxPayloadInitFn)GetProcAddress(hPayload, "RcxPayloadInit");
+    if (!pfnInit || !pfnInit()) {
+        fprintf(stderr, "ERROR: RcxPayloadInit() failed or not found\n");
+        FreeLibrary(hPayload);
+        return 1;
+    }
 #else
     void* hPayload = dlopen(plPath, RTLD_NOW);
     if (!hPayload) {