test: add encrypted DB self-validation suite

[alanwiss]

What

Self-validation test suite for our SQLCipher Go binding — 7 integration tests plus benchmarks and a fuzz target that close the coverage gaps left by the upstream-inherited suite.

What we now cover (new)

• Crypto correctness — wrong key / no key must return ErrNotADB, not silent success
• Lifecycle persistence — close + reopen with the same key, data intact
• Concurrency — 100 goroutines × 50 ops under -race with errgroup
• Cipher page sizes — matrix 1k/4k/8k/16k all work
• Large data — 10k rows + 2 MB blob, byte-identical via sha256
• Encrypted-to-encrypted backup — ATTACH ... KEY + sqlcipher_export()
• PRAGMA rekey — rotation works, old key invalidated

Additional

• Benchmarks — BenchmarkInsert/SelectEncrypted as a baseline for regressions
• Fuzz — FuzzEncryptedDSNRoundTrip on the DSN parser surface
• goleak.VerifyTestMain — global goroutine leak detector across all tests, 0 leaks
• README — Scorecard badge + maintainer credit (@alanwiss)
• lefthook fix — golangci-lint --new-from-rev=HEAD --whole-files (gates new code without blocking upstream legacy)
• go.mod — bump to go 1.25.6 (clears GO-2026-4341)

Dependencies

• + go.uber.org/goleak v1.3.0 — leak detector
• + golang.org/x/sync v0.20.0 — errgroup