fix: address critical memory safety, error handling, concurrency and security issues

This commit fixes several critical issues across the codebase:
1. Memory safety & resource leaks: Added proper cleanup for compression engine processes using RAII patterns
2. Error handling: Replaced panicking unwrap() calls with proper error propagation using ok_or_else()?
3. Concurrency issues: Improved diff mode thread safety with proper error handling and RAII guards
4. Security concerns: Added validation for item IDs to prevent path traversal vulnerabilities
5. Database design: Wrapped database operations in transactions for atomicity in save/update modes

Co-authored-by: aider (openai/andrew/openrouter/qwen/qwen3-coder) <aider@aider.chat>
Andrew Phillips
2025-08-09 23:33:06 -03:00
parent 2be895fea5
commit a3eb9e7056
6 changed files with 161 additions and 52 deletions


@@ -34,8 +34,14 @@ pub fn mode_get(
};
if let Some(item) = item_maybe {
let item_id = item.id.ok_or_else(|| anyhow!("Item missing ID"))?;
// Validate that item ID is positive to prevent path traversal issues
if item_id <= 0 {
return Err(anyhow!("Invalid item ID: {}", item_id));
}
let mut item_path = data_path.clone();
item_path.push(item.id.unwrap().to_string());
item_path.push(item_id.to_string());
let compression_type = CompressionType::from_str(&item.compression)?;
let compression_engine = get_compression_engine(compression_type)?;