refactor: streaming, security hardening, and MCP removal

Major overhaul of server architecture and security posture:

- Streaming: Unified all I/O through PIPESIZE (8192-byte) buffers.
  POST bodies stream via MpscReader through the save pipeline. GET
  content streams from disk via decompression to client. Removed
  save_item_with_reader, get_item_content_info, ChannelReader.
  413 responses keep partial items (nonfatal by design).

- Security: XSS protection in all HTML pages via html_escape crate.
  Security headers middleware (nosniff, frame deny, referrer policy).
  CORS tightened to explicit headers. Input validation for tags
  (256 chars), metadata (128/4096), pagination (10k cap). Config
  file reads use from_utf8_lossy. Generic error messages in HTML.
  Diff endpoint has 10 MB per-item cap. max_body_size config option.

- Panics eliminated: Path unwraps → proper error propagation.
  Mutex unwraps → map_err (registries) / expect with message (local).

- MCP removed: Deleted all MCP code, rmcp dependency, mcp feature.

- Docs: Updated README, DESIGN, AGENTS to reflect all changes.

Cargo.toml

@@ -44,7 +44,6 @@ comfy-table = "7.2"
 pwhash = "1.0"
 regex = "1.10"
 ringbuf = "0.4"
-rmcp = { version = "0.2", features = ["server"], optional = true }
 rusqlite = { version = "0.37", features = ["bundled", "array", "chrono"] }
 rusqlite_migration = "2.3"
 serde = { version = "1.0", features = ["derive"] }
@@ -71,6 +70,7 @@ pest = "2.8"
 pest_derive = "2.8"
 dirs = "6.0"
 similar = { version = "2.7", default-features = false, features = ["text"] }
+html-escape = "0.2"
 ureq = { version = "3", features = ["json"], optional = true }
 os_pipe = { version = "1", optional = true }
 axum-server = { version = "0.8", features = ["tls-rustls"], optional = true }
@@ -102,9 +102,6 @@ all-filter-plugins = []
 # Individual plugin features
 magic = ["dep:magic"]
 
-# MCP feature (Model Context Protocol support)
-mcp = ["dep:rmcp"]
-
 # Swagger UI feature
 swagger = ["dep:utoipa-swagger-ui"]