release: v1.1.3 — security hardening, edition 2024, dependency updates

Security:
- Fix RUSTSEC-2026-0007 (bytes integer overflow)
- Restrict SQLite database file permissions to 0600 on Unix
- Add 100KB size limit to intention descriptions (DoS prevention)
- Redact JSON-RPC payloads from debug logs (data leakage prevention)
- Update SECURITY.md with encryption docs and supported versions

Modernization:
- Upgrade Rust edition 2021 → 2024, MSRV 1.75 → 1.85
- Upgrade actions/checkout@v4 → v5, codecov/codecov-action@v3 → v5
- Update all dependencies to latest compatible versions
- Fix edition 2024 match ergonomics in compression.rs

Clippy fixes:
- Rename from_str → parse_name to avoid shadowing FromStr trait
- Replace .max().min() with .clamp()
- Replace sort_by with sort_by_key

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

crates/vestige-mcp/src/protocol/stdio.rs

@@ -37,7 +37,7 @@ impl StdioTransport {
                 continue;
             }
 
-            debug!("Received: {}", line);
+            debug!("Received: {} bytes", line.len());
 
             // Parse JSON-RPC request
             let request: JsonRpcRequest = match serde_json::from_str(&line) {
@@ -66,7 +66,7 @@ impl StdioTransport {
             if let Some(response) = server.handle_request(request).await {
                 match serde_json::to_string(&response) {
                     Ok(response_json) => {
-                        debug!("Sending: {}", response_json);
+                        debug!("Sending: {} bytes", response_json.len());
                         writeln!(stdout, "{}", response_json)?;
                         stdout.flush()?;
                     }