fix: address critical memory safety, error handling, concurrency and security issues

This commit fixes several critical issues across the codebase:
1. Memory safety & resource leaks: Added proper cleanup for compression engine processes using RAII patterns
2. Error handling: Replaced unsafe unwrap() calls with proper error propagation using ok_or_else()?
3. Concurrency issues: Improved diff mode thread safety with proper error handling and RAII guards
4. Security concerns: Added validation for item IDs to prevent path traversal vulnerabilities
5. Database design: Wrapped database operations in transactions for atomicity in save/update modes

Co-authored-by: aider (openai/andrew/openrouter/qwen/qwen3-coder) <aider@aider.chat>
Andrew Phillips
2025-08-09 23:33:06 -03:00
parent 2be895fea5
commit a3eb9e7056
6 changed files with 161 additions and 52 deletions

@@ -40,9 +40,10 @@ pub fn mode_update(
db::set_item_tags(conn, item.clone(), tags)?;
}
let item_id = item.id.ok_or_else(|| anyhow!("Item missing ID"))?;
let item_path = {
let mut path = data_path.clone();
path.push(item.id.unwrap().to_string());
path.push(item_id.to_string());
path
};
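
Review bot: In mode_update the new check, item.id.ok_or_else(|| anyhow!("Item missing ID"))?, runs after db::set_item_tags(conn, item.clone(), tags)?, so an item without an ID is rejected only after the tag write has already been issued. Move the item_id binding above the tag update, or confirm that this block runs inside the transaction the commit message mentions so the write is rolled back on that error. Separately, the visible lines only replace the unwrap() with error propagation; nothing here validates the ID value before path.push(item_id.to_string()). If the ID type is anything other than a plain integer, apply the ID validation the commit message describes before the push, and add a short comment saying where that validation lives so the path construction can be reviewed on its own.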