Fix 86 CodeQL findings across Go, Python, and CI workflows by jeremy · Pull Request #177 · basecamp/basecamp-cli

AI review requested due to automatic review settings

March 3, 2026 07:34

github-advanced-security[bot]

Copilot AI review requested due to automatic review settings

March 3, 2026 07:52

github-advanced-security[bot]

Apply filepath.Clean() at source functions where environment variables
(XDG_CONFIG_HOME, XDG_CACHE_HOME, HOME) and OS APIs (UserHomeDir,
UserCacheDir, UserConfigDir) produce tainted values. This breaks
CodeQL's taint chain for ~69 downstream path-injection findings.

Uses "fallback first, then clean non-empty" pattern to avoid
filepath.Clean("") returning "." which would redirect to CWD.
Falls back to os.TempDir() when home directory is unavailable.

@jeremy
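The "fallback first, then clean non-empty" order from the commit above, shown next to the order it avoids. This is an added example, not code from the PR or from basecamp-cli; `cleanThenFallback`, `fallbackThenClean`, `configDir` and the `app` directory name are hypothetical.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// cleanThenFallback shows the order that goes wrong. filepath.Clean("") is
// ".", which is never empty, so the fallback branch can never run and an
// unset XDG_CONFIG_HOME silently turns into a path under the current
// working directory.
func cleanThenFallback(xdgConfigHome, fallback string) string {
	dir := filepath.Clean(xdgConfigHome)
	if dir == "" { // dead code: Clean never returns ""
		dir = fallback
	}
	return filepath.Join(dir, "app")
}

// fallbackThenClean is the "fallback first, then clean non-empty" order:
// choose the first non-empty source, and only then normalise it. Cleaning at
// the source is also what breaks CodeQL's taint chain from the environment
// variable to every path sink downstream.
func fallbackThenClean(xdgConfigHome, fallback string) string {
	dir := xdgConfigHome
	if dir == "" {
		dir = fallback
	}
	return filepath.Join(filepath.Clean(dir), "app")
}

// configDir applies the same order to the real sources: $XDG_CONFIG_HOME,
// then os.UserHomeDir (derived from $HOME on Unix), then os.TempDir.
// "app" is a hypothetical application directory name.
func configDir() string {
	if xdg := os.Getenv("XDG_CONFIG_HOME"); xdg != "" {
		return filepath.Join(filepath.Clean(xdg), "app")
	}
	if home, err := os.UserHomeDir(); err == nil && home != "" {
		return filepath.Join(filepath.Clean(home), ".config", "app")
	}
	return filepath.Join(filepath.Clean(os.TempDir()), "app")
}

func main() {
	fmt.Println("clean-then-fallback, empty source:", cleanThenFallback("", os.TempDir()))
	fmt.Println("fallback-then-clean, empty source:", fallbackThenClean("", os.TempDir()))
	fmt.Println("config dir:", configDir())
}
```

With XDG_CONFIG_HOME unset, the first function yields the relative path `app`, the second an absolute path under the fallback directory.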

exec.LookPath() is recognized by CodeQL as a sanitizer for the
command-injection finding on $EDITOR-derived exec.Command calls.
… integer-overflow

float64 can only represent consecutive integers exactly up to 2^53.
Check range before casting to int64 to avoid undefined behavior for
large floats. Adds boundary tests for precision edge cases.
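A checked float64-to-int64 conversion covering the 2^53 boundary the commit describes, plus the place it matters in a CLI that decodes API JSON (where encoding/json turns every number into a float64). Added example, not the PR's code; `SafeInt64`, `idFromJSON` and the error names are hypothetical, and the assumption that ids arrive as JSON numbers is the example's own.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"math"
)

// maxExact is 2^53, the largest magnitude up to which float64 represents
// every integer exactly; past it, consecutive integers collapse onto the
// same float.
const maxExact = 1 << 53

var (
	ErrNotFinite  = errors.New("value is NaN or infinite")
	ErrOutOfRange = errors.New("value is outside the int64 range")
	ErrNotInteger = errors.New("value has a fractional part")
	ErrImprecise  = errors.New("magnitude exceeds 2^53; neighbouring integers are indistinguishable")
)

// SafeInt64 converts v to int64 only when the result is well-defined and
// exact. A bare int64(v) on an out-of-range float is implementation-
// dependent in Go (the spec does not fix the result), and on a large
// in-range float it silently returns whichever integer the float rounded to.
func SafeInt64(v float64) (int64, error) {
	if math.IsNaN(v) || math.IsInf(v, 0) {
		return 0, ErrNotFinite
	}
	// 2^63 is exactly representable as float64; anything >= 2^63 or < -2^63
	// does not fit an int64.
	if v >= float64(1<<63) || v < -float64(1<<63) {
		return 0, ErrOutOfRange
	}
	if math.Trunc(v) != v {
		return 0, ErrNotInteger
	}
	if math.Abs(v) > maxExact {
		return 0, ErrImprecise
	}
	return int64(v), nil
}

// idFromJSON decodes an object whose "id" field is a JSON number. Decoding
// into map[string]any yields a float64, so an id is exactly where an
// unchecked int64(v) would go wrong. Numeric ids are an assumption for the
// example.
func idFromJSON(raw []byte) (int64, error) {
	var obj map[string]any
	if err := json.Unmarshal(raw, &obj); err != nil {
		return 0, err
	}
	f, ok := obj["id"].(float64)
	if !ok {
		return 0, errors.New(`"id" is missing or not a number`)
	}
	return SafeInt64(f)
}

func main() {
	for _, v := range []float64{1234, 1 << 53, 1 << 54, 1e300, 1.5, math.NaN()} {
		n, err := SafeInt64(v)
		fmt.Printf("%v -> %d, %v\n", v, n, err)
	}
	n, err := idFromJSON([]byte(`{"id": 1069479123}`))
	fmt.Println("id:", n, err)
}
```

Note that the check cannot recover an integer already lost before the call: the literal 9007199254740993 (2^53+1) is rounded to 2^53 by the compiler, and SafeInt64 accepts it as 2^53. The boundary guards the conversion, not the upstream arithmetic.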
…ings

- Add top-level permissions: contents: read to test.yml (7 findings)
- Pin golangci-lint-action and actions/cache to commit hashes in release.yml
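Both workflow findings from the list above, as a small Go line-scanner run over a weak and a hardened workflow. This is an added example and not part of the PR or of basecamp-cli's own workflows; the two YAML documents are constructed for it, `lintWorkflow` is a hypothetical name, and the 40-hex SHAs are placeholders rather than real commits.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed workflow in the shape CodeQL flags: no top-level permissions
// block, so GITHUB_TOKEN inherits the repository default, and every action
// referenced by a mutable tag.
const weakWorkflow = `name: release
on:
  push:
    tags: ["v*"]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/cache@v4
        with:
          path: ~/.cache/golangci-lint
          key: lint-${{ hashFiles('**/go.sum') }}
      - uses: golangci/golangci-lint-action@v6
`

// Constructed hardened form: read-only token by default and every action
// pinned to a full commit SHA with the tag kept as a comment. The SHAs are
// placeholders, not real commits.
const hardenedWorkflow = `name: release
on:
  push:
    tags: ["v*"]
permissions:
  contents: read
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4
      - uses: actions/cache@89abcdef0123456789abcdef0123456789abcdef # v4
        with:
          path: ~/.cache/golangci-lint
          key: lint-${{ hashFiles('**/go.sum') }}
      - uses: golangci/golangci-lint-action@fedcba9876543210fedcba9876543210fedcba98 # v6
`

// Finding is one lint result; Line is 1-based, 0 for a whole-file finding.
type Finding struct {
	Line int
	Msg  string
}

var (
	usesRe = regexp.MustCompile(`^\s*-?\s*uses:\s*([^\s@]+)@(\S+)`)
	shaRe  = regexp.MustCompile(`^[0-9a-f]{40}$`)
)

// lintWorkflow reports the two classes of finding the commit fixes: a
// missing top-level permissions: block, and any action referenced by tag or
// branch instead of a full commit SHA. It is a line scanner, not a YAML
// parser; a job-level permissions: block (which CodeQL's missing-permissions
// query also accepts) is deliberately not recognised here.
func lintWorkflow(src string) []Finding {
	var out []Finding
	topPerms := false
	for i, line := range strings.Split(src, "\n") {
		if strings.HasPrefix(line, "permissions:") {
			topPerms = true
		}
		m := usesRe.FindStringSubmatch(line)
		if m == nil || strings.HasPrefix(m[1], "docker://") {
			continue // no action reference, or an image digest rather than a git ref
		}
		if !shaRe.MatchString(m[2]) {
			out = append(out, Finding{i + 1, fmt.Sprintf("%s is pinned to mutable ref %q; pin to a full commit SHA", m[1], m[2])})
		}
	}
	if !topPerms {
		out = append([]Finding{{0, "no top-level permissions: block; add at least 'permissions: contents: read'"}}, out...)
	}
	return out
}

func main() {
	for name, src := range map[string]string{"weak": weakWorkflow, "hardened": hardenedWorkflow} {
		fmt.Printf("%s: %d finding(s)\n", name, len(lintWorkflow(src)))
		for _, f := range lintWorkflow(src) {
			fmt.Printf("  line %d: %s\n", f.Line, f.Msg)
		}
	}
}
```

The weak document produces four findings (one for permissions, three for the unpinned actions); the hardened one produces none.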

github-advanced-security[bot]

Copilot AI review requested due to automatic review settings

March 3, 2026 08:08

@jeremy