Add Semgrep guardrail against unwrap/expect in examples, benches, and doctests

[acgetchell]

Summary

Add repository-owned Semgrep rules that reject .unwrap() and .expect(...) in user-facing Rust examples, benchmarks, and public doctests.

Current State

la-stack currently has local Semgrep rules for Rust/library hygiene, but it does not have the user-facing panic guardrails present in ../causal-triangulations:

• causal-triangulations.rust.no-unwrap-expect-in-doctests
• causal-triangulations.rust.no-unwrap-expect-in-benches-examples

This matters more after the API correctness work that made several operations fallible. Examples, doctests, and benchmarks should teach explicit error handling rather than panic-based control flow.

Proposed Changes

• Add a generic doctest rule for /// / //! Rust documentation lines that contain .unwrap() or .expect(...).
• Add a Rust rule for /examples/**/*.rs and /benches/**/*.rs that flags .unwrap() and .expect(...).
• Add Semgrep fixtures for both rules, following the causal-triangulations pattern.
• Update existing examples, benchmarks, README doctests, and public API doctests to use typed Result flow, ?, or explicit match/if let handling as appropriate.
• Keep test code free to use unwrap/expect where it makes assertion intent clearer.

Benefits

• Public examples model the error handling users should copy.
• Benchmark fixture failures identify the operation that failed instead of teaching panic shortcuts.
• CI catches regressions whenever new fallible APIs are documented or benchmarked.

Implementation Notes

Use ../causal-triangulations/semgrep.yaml as the starting point, especially the doctest and benches/examples unwrap rules around the Rust style guardrails.

Related follow-up from #83 API correctness work.