feat(#370): view library content and invert delete-confirm flow

[NoveliaYuki]

Purpose

After importing a document into a Library, the only confirmation the import worked was the metadata row (size, status, plugin) — neither the CLI nor the UI exposed the rendered markdown. Users had to dig through Library Manager's filesystem or run DB queries to verify content. This PR adds a first-class view path on both surfaces, plus inverts the item-delete flow so the "Are you sure?" prompt is itself a guarantee that no Knowledge Store references the item.

Changes

View library item content

• New Creator Interface route GET /creator/libraries/{lib}/items/{item}/content that proxies the Library Manager content endpoint with ACL enforcement, a Literal["markdown", "text"] format whitelist (HTML is blocked at the proxy boundary — Library Manager's format=html is unsanitized), and a 5 MB inline-content size cap.
• New lamb library item-content <lib> <item> CLI command that writes the full markdown to stdout (no truncation, no paging — pipe to less if needed). Supports --format markdown|text and surfaces the 5 MB cap with a friendly error.
• New ItemContentModal.svelte viewer with max-w-3xl, scrollable body, Escape/overlay close, and a single Close button. Renders markdown via a new hardened sibling of renderMarkdownSafe — renderMarkdownStrict — that adds explicit FORBID_TAGS for iframe/object/embed/form/input/button/style and post-processes anchors to add target="_blank" + rel="noopener noreferrer".
• "View" row action on LibraryDetail for items in ready/completed status.
• i18n keys added in en/es/ca/eu.

Invert delete-confirm flow (also in this PR per request)

• New GET /creator/libraries/{lib}/items/{item}/kb-links pre-check endpoint returning the active KS references with the same shape used by the FR-10 409 body. Failed ingestions are excluded.
• LibraryDetail.requestDeleteItem now runs the pre-check before opening the modal. When blockers exist the modal opens directly in "blocked" mode (KS list + Remove buttons, no Confirm); when clean it opens in normal "Are you sure?" mode. The mere appearance of the confirm prompt now signals the item is free to delete.
• ConfirmationModal gets a hideConfirm prop so callers can suppress the primary action; the body's message is wrapped in {#if message} so an empty string renders nothing.
• The existing 409 path is preserved as a fallback for races between pre-check and DELETE.

Race-guard fix in the Create Knowledge wizard

• StepKSContent.loadItems could let a slower response for library A overwrite items belonging to library B if the user switched picks faster than the network. Added a request-sequence guard that discards stale resolutions; locked the contract with five source-level vitest assertions so it can't silently regress.

Tests

• 10 new backend pytest cases (/content happy path, ACL, unauth, format whitelist, size cap; /kb-links blockers, failed-filter, empty, ACL).
• 4 new CLI pytest cases (item-content markdown, text, invalid format, 413).
• 9 new vitest cases on renderMarkdownSafe/renderMarkdownStrict (XSS payload coverage).
• 5 new vitest cases on the wizard race-guard.
• 3 new Playwright cases on the /content endpoint.

All existing suites still green: backend 80/80, library-manager 52/52, CLI 60/60.

Security review

A separate review pass against this diff returned no findings — format is whitelisted server-side, HTML output is intentionally not exposed, the modal renders only renderMarkdownStrict output via {@html}, and Svelte's default interpolation escapes the rest. Passive external resources in markdown (<img src=external>) remain a pre-existing concern tracked separately in #369 (CSP header).

Related

• Closes feat(#370): view library item content from CLI and UI #370
• Refs feat(#369): add Content-Security-Policy header to LAMB backend #369 (CSP header — surfaced during this review)