test: tighten IDNA digit-fold fixture coverage and refresh baseline

Three fixture changes plus a baseline refresh:

- Drop the two Devanagari positives. Empirical testing against
  golang.org/x/net/idna v0.53.0 confirms that U+0966..U+096F do not
  fold to ASCII via UTS-46; they pass through Punycode (xn--*) on all
  four profiles. Keeping the cases in would be misleading because the
  query fires structurally without the runtime smuggle ever existing.
- Add two positives covering Profile.ToUnicode on Latin-1 and Math
  superscript inputs. The library runs validateAndMap before the
  encode-vs-decode branch, so ToUnicode produces the same digit-folded
  ASCII output as ToASCII for the in-scope codepoints. The earlier
  fixture only exercised ToASCII despite the model handling both.
- Add three negatives. Two pin the ParseCIDR and ParsePrefix branches
  of the recheck-input predicate, which had no sink-reaching coverage
  before. The third pins the documented exclusion of the package-level
  idna.ToASCII helper against future broadening of the call matcher.

Baseline refreshed via codeql test run --learn after the fixture
changes shifted line numbers and the new select message text replaced
the old one.

Author: astrogilda