fix: security hardening and code quality

- SQL query mode uses read-only SQLite connection with PRAGMA query_only=ON
- Lua sandbox removes dofile/loadfile/load after OpenBase to block file access
- Plugin manager sorts by priority once at load time; GetPlugins is a plain copy
- Proxy appends [body truncated] marker when body hits size limit
- App startup exits with os.Exit(1) on DB open failure
- tickCmd uses tea.Tick instead of time.Sleep in a goroutine
- ErrMsg with non-nil error shows notification then quits
- DB stores path for use by read-only query connection
- WAL journal mode + NORMAL synchronous set in migrate()
- config.go uses errors.Is(err, os.ErrNotExist)
- main.go uses os.UserHomeDir() and removes racy port pre-check
- findings renderer is cached and rebuilt only on width change

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

internal/ui/app/model.go

@@ -1,6 +1,7 @@
 package app
 
 import (
+	"fmt"
 	"log"
 	"os"
 	"path/filepath"
@@ -31,10 +32,9 @@ const tickInterval = 2 * time.Second
 type tickMsg struct{}
 
 func tickCmd() tea.Cmd {
-	return func() tea.Msg {
-		time.Sleep(tickInterval)
+	return tea.Tick(tickInterval, func(time.Time) tea.Msg {
 		return tickMsg{}
-	}
+	})
 }
 
 var sidebarEntries = pageRegistry
@@ -94,14 +94,17 @@ func New(broker *intercept.Broker, name, path string) Model {
 		sidebarState:  sidebarState(cfg.TUI.DefaultSidebarState),
 	}
 
-	if d, err := db.Open(path); err == nil {
-		m.database = d
-		broker.SetDB(d)
-		m.history.SetDB(d)
-		m.replay.SetDB(d)
-		m.findingsPage.SetDB(d)
-		mgr.SetDB(d)
+	d, err := db.Open(path)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "db: %v\n", err)
+		os.Exit(1)
 	}
+	m.database = d
+	broker.SetDB(d)
+	m.history.SetDB(d)
+	m.replay.SetDB(d)
+	m.findingsPage.SetDB(d)
+	mgr.SetDB(d)
 
 	pluginsDir := config.ExpandPath(cfg.App.PluginsDir)
 	if err := mgr.LoadFromDir(pluginsDir); err != nil {