fix: security hardening and code quality

- SQL query mode uses read-only SQLite connection with PRAGMA query_only=ON
- Lua sandbox removes dofile/loadfile/load after OpenBase to block file access
- Plugin manager sorts by priority once at load time; GetPlugins is a plain copy
- Proxy appends [body truncated] marker when body hits size limit
- App startup exits with os.Exit(1) on DB open failure
- tickCmd uses tea.Tick instead of time.Sleep in a goroutine
- ErrMsg with non-nil error shows notification then quits
- DB stores path for use by read-only query connection
- WAL journal mode + NORMAL synchronous set in migrate()
- config.go uses errors.Is(err, os.ErrNotExist)
- main.go uses os.UserHomeDir() and removes racy port pre-check
- findings renderer is cached and rebuilt only on width change

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

internal/plugins/lua.go

@@ -16,7 +16,6 @@ func newLuaState(mgr *Manager, p *Plugin) *lua.LState {
 		name string
 		fn   lua.LGFunction
 	}{
-		{lua.LoadLibName, lua.OpenPackage},
 		{lua.BaseLibName, lua.OpenBase},
 		{lua.TabLibName, lua.OpenTable},
 		{lua.StringLibName, lua.OpenString},
@@ -27,6 +26,10 @@ func newLuaState(mgr *Manager, p *Plugin) *lua.LState {
 		L.Push(lua.LString(lib.name))
 		L.Call(1, 0)
 	}
+	// Remove filesystem-access functions to prevent plugins from reading/executing arbitrary files.
+	for _, name := range []string{"dofile", "loadfile", "load"} {
+		L.SetGlobal(name, lua.LNil)
+	}
 	registerUtilities(L, mgr, p)
 	return L
 }