fix: security + multi-agent hardening — transactions, busy_timeout, input limits #56

Open
pszymkowiak wants to merge 1 commit into main from fix/security-multiagent-round2

@pszymkowiak
Contributor

Summary

Deep security + multi-agent concurrency audit fixes. Makes ICM safe for multiple agents writing to the same database simultaneously.

Critical fixes (3):

  • BEGIN IMMEDIATE in all write transactions (prevents race conditions between agents)
  • PRAGMA busy_timeout=5000 on every connection (retry instead of fail on lock contention)
  • MCP server 10MB line length limit (prevents OOM from malicious clients)

High fixes (2):

  • store() wrapped in atomic transaction (2 INSERTs now atomic — memories + vec_memories)
  • consolidate_topic() calls store_inner() to avoid nested transactions

Medium fixes (3):

  • Memoir/concept name+definition length validation (255/10k chars)
  • UTF-8 safe FTS query truncation (is_char_boundary() instead of raw byte slice)
  • Atomic auto-decay check (single SQL with julianday() comparison, prevents double-apply)

Tests: 185 total (+3 new)

  • test_store_is_atomic
  • test_busy_timeout_pragma
  • test_fts_sanitize_utf8_safe

Test plan

  • 185 tests pass
  • cargo fmt clean

🤖 Generated with Claude Code
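
One way to enforce a per-line size limit like the 10MB MCP limit listed in the summary above, as an added example that is not taken from this PR's diff or from ICM's code. The names `read_line_bounded` and `Line` are hypothetical, and the sample input is constructed with a tiny cap so the over-long case is visible.

```rust
use std::io::{self, BufRead, Read};

#[derive(Debug, PartialEq)]
pub enum Line {
    Text(String),
    TooLong, // line exceeded the cap; the rest of it was discarded
    Eof,
}

/// Read one '\n'-terminated line while buffering at most `max + 1` bytes.
/// A server applying the PR's figure would pass 10 * 1024 * 1024 as `max`.
pub fn read_line_bounded<R: BufRead>(r: &mut R, max: usize) -> io::Result<Line> {
    let mut buf = Vec::new();
    // The extra byte distinguishes "exactly max" from "over max".
    let limit = (max as u64).saturating_add(1);
    let n = r.by_ref().take(limit).read_until(b'\n', &mut buf)?;
    if n == 0 {
        return Ok(Line::Eof);
    }
    if buf.last() == Some(&b'\n') {
        buf.pop();
    } else if buf.len() > max {
        // Over the cap: skip to the next newline without storing anything,
        // so the stream stays in sync for the following request.
        loop {
            let avail = r.fill_buf()?;
            if avail.is_empty() {
                break;
            }
            let (used, done) = match avail.iter().position(|&b| b == b'\n') {
                Some(i) => (i + 1, true),
                None => (avail.len(), false),
            };
            r.consume(used);
            if done {
                break;
            }
        }
        return Ok(Line::TooLong);
    }
    Ok(Line::Text(String::from_utf8_lossy(&buf).into_owned()))
}

fn main() -> io::Result<()> {
    // Constructed input: two 8-byte requests around one over-long line.
    let mut input = io::Cursor::new(&b"{\"id\":1}\nAAAAAAAAAAAAAAAAAAAA\n{\"id\":2}\n"[..]);
    loop {
        match read_line_bounded(&mut input, 8)? {
            Line::Eof => return Ok(()),
            other => println!("{:?}", other),
        }
    }
}
```

An unbounded `read_line` would grow its buffer until the newline arrives; here the allocation stops at `max + 1` bytes and the caller can answer `TooLong` with an error response.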
