docs(qemu): clarify post_exec runs after harness completion

[Tanmay140906]

Description

This PR clarifies the execution timing of EmulatorHooks::post_exec, documenting
that it runs after the harness completes and after snapshot restoration.

It also adds a small lifecycle note in the qemu_baremetal low-level example to
make it explicit that qemu().run() completes the full harness execution cycle.

This resolves the confusion described in #2765 regarding guest memory reads in
post_exec.

Checklist

• I have run ./scripts/precommit.sh and addressed all comments

[Tanmay140906]

CI failure appears unrelated to this change.
cargo doc --no-deps passes locally; the failure occurs in the qemu_tmin
runtime test (Fuzzer-respawner, child exited with 0), which is outside the
scope of this PR.

[Tanmay140906]

@rmalmain , could you please review this PR and guide me for GSoC 2026? I am trying to make contributions to LibAFL for being selected in GSoC and I need some guidance and answers to few of my questions. Could you please help me?

[tokatoka]

there's no guarantee that we are participating in GSoC 2026.

[Tanmay140906]

Okay