fix: defensive hardening — lock release logging, SQLite param guard, vector cast
Three defensive improvements found via peer code review:

1. lock.rs: Lock release errors were silently discarded with `let _ =`. If the DELETE failed (disk full, corruption), the lock stayed in the database with no diagnostic. Next sync would require --force with no clue why. Now logs with error!() including the underlying error message.

2. filters.rs: Dynamic SQL label filter construction had no upper bound on bind parameters. With many combined filters, param_idx + labels.len() could exceed SQLite's 999-parameter limit, producing an opaque error. Added a guard that caps labels at 900 - param_idx.

3. vector.rs: max_chunks_per_document returned i64 which was cast to usize. A negative value from a corrupt database would wrap to a huge number, causing overflow in the multiplier calculation. Now clamped to .max(1) and cast via unsigned_abs().

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@@ -50,8 +50,8 @@ pub fn search_vector(
|
||||
.flat_map(|f| f.to_le_bytes())
|
||||
.collect();
|
||||
|
||||
let max_chunks = max_chunks_per_document(conn);
|
||||
let multiplier = ((max_chunks as usize * 3 / 2) + 1).max(8);
|
||||
let max_chunks = max_chunks_per_document(conn).max(1);
|
||||
let multiplier = ((max_chunks.unsigned_abs() as usize * 3 / 2) + 1).max(8);
|
||||
let k = limit * multiplier;
|
||||
|
||||
let mut stmt = conn.prepare(
|
||||
|
||||
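Review bot: the `.max(1)` added on the `max_chunks` line bounds the value only from below, so a corrupt database that returns a very large positive count still overflows `max_chunks.unsigned_abs() as usize * 3`, and the unchanged `let k = limit * multiplier;` right after it is also an unchecked multiplication (a panic in debug builds, silent wraparound in release). Add an upper bound too, for example `.clamp(1, MAX_CHUNKS)` with a constant the project chooses (the name here is hypothetical), or use `saturating_mul` / `checked_mul` for both multiplications. Once the value is clamped to at least 1, `unsigned_abs()` no longer changes it and acts only as an i64-to-u64 conversion; `usize::try_from(max_chunks)` would state that intent directly and would also catch truncation by `as usize` on 32-bit targets.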