Make a proper fuzzer trace file format

[MattWindsor91]

The fuzzer outputs a literal list of fuzzer actions as its replayable trace. This is pretty neat, but:

• it does so as an S-expression, which is fairly difficult to read and modify by hand (or by Python);
• the trace file could contain more information for robustness or usefulness, for example:
  • the input test name;
  • a hash of the input test (to prevent it from being run on other tests by accident);
  • some versioning information (to guard against changes in the fuzzer)
• there should be some tooling support in the Python etc. for doing bisection or other manipulations.

This also ties into the idea of eventually either replacing paths with IDs, or complementing them, as a way of noting which fuzzer actions should apply where.

[MattWindsor91]

Another benefit to having this in, say, JSON or TOML or summat is that it'll be easy to scrape histograms of applied actions, which in turn will tell us what the actual action take-up is, which might be useful in a paper or diagnostic situation.