feat(storage): atomic writes, repair/restore CLI, safe temp cleanup

[KakashiTech]

What

• Make writes atomic with fsync(file)+rename+fsync(dir).
• Safe cleanup for .oc-*.tmp only.
• Extend storage repair with dry-run, prefix, limits, JSON report.
• Add storage restore to recover from quarantine.

Why

• Prevent partial JSON corruption.
• Provide operable, auditable recovery with minimal risk.

Details

• Fallback to Node fs.fsync if FileHandle.sync() is absent.
• repair coordinates with writers using Lock.tryWrite(); busy files are skipped and reported.
• Report fields: time, base, quarantined, tempRemoved, skippedLocked, processed*, entries.

DX

• JSON-only output for scripting; flags documented in --help.

Tests

• Added tests for dry-run/restore and temp cleanup pattern.
• Roundtrip validation for read/write unchanged.

Risks/Trade-offs

• Slight I/O overhead; acceptable for consistency.
• Best-effort semantics on non-POSIX FS are documented.

Follow-ups

• Optional: quarantine retention policy.
• Optional: global maintenance lock.
• Optional: schema sentinel for semantic corruption.

Closes #7733

[github-actions]

The following comment was made by an LLM, it may be inaccurate:

No duplicate PRs found