fix(data-table) Harden sort whitelist and row_id selection handling #50

Merged
karim-semmoud merged 5 commits into main from fix/datatable-sort-whitelist
Jun 1, 2026
@karim-semmoud
Member

Summary

Hardens Corex.DataTable sort and selection handling without breaking existing apps.

  • Sort: Server-side sort params are validated against a column whitelist. Sort.assign_for_sort/3 infers :sort_columns from row map keys when omitted. Database handlers must still assign an explicit whitelist and use parse_sort_by/2.
  • Selection: Selectable list tables without row_id keep the legacy inspect/1 fallback but log a dev warning when :debug is enabled on :corex. Stream rows still default to the stream dom id. Docs and e2e demos recommend explicit row_id.

Changes

Library

Corex.DataTable.Sort

  • Public parse_sort_by/2 rejects forged or unknown sort params.
  • handle_sort/3 uses strict parsing; invalid params are ignored (no crash).
  • assign_for_sort/3 infers :sort_columns from atom keys on the first row when the option is omitted.
  • parse_sort_by(param, nil) returns :error for DB-backed handlers that must set :sort_columns explicitly.

Corex.DataTable

  • resolve_row_id/1: stream + selectable defaults to fn {id, _} -> id end; list + selectable without row_id falls back to inspect/1 with optional dev warning.
  • Checkbox attrs always use @row_id.(row) after resolution.
  • Updated moduledoc for sortable and selectable patterns.

Corex.DataTable.Selection

  • Doc note that :row_id must match the component and should not rely on the inspect fallback.

Tests

  • test/components/data_table_sort_test.exs: inference, forged atoms, empty rows, explicit sort_columns: nil.
  • test/components/data_table_test.exs: inspect fallback and tuple/stream-shaped row id behavior.

E2e

  • Expanded data table demo (sort, select, full, style tabs).
  • Patterns/style LiveViews use Sort.parse_sort_by/2, Sort.assign_for_sort/3, and Selection helpers consistently.

Non-breaking behavior

| Scenario | Before | After |
|---|---|---|
| In-memory sort without :sort_columns | Any existing atom accepted | Whitelist inferred from row keys |
| DB sort without :sort_columns | Risk of accepting any atom | parse_sort_by/2 returns :error until whitelist is assigned |
| Selectable list without row_id | inspect/1 fallback | Same fallback + dev warning when :debug is on |
| Selectable stream without row_id | Stream dom id | Unchanged (now explicit in resolve_row_id/1) |

@karim-semmoud karim-semmoud self-assigned this Jun 1, 2026
@karim-semmoud karim-semmoud merged commit db32051 into main Jun 1, 2026
14 checks passed
@karim-semmoud karim-semmoud deleted the fix/datatable-sort-whitelist branch June 1, 2026 18:25
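
The whitelist check described in this pull request, as an added example that is not Corex code and not part of the pull request. The module and function names are hypothetical, the rows are constructed, and the loose variant is an assumption about what "any existing atom accepted" looks like in practice.

```elixir
defmodule SortWhitelistExample do
  # Hypothetical module for illustration; not the Corex.DataTable.Sort implementation.

  # Loose (assumed "before" shape): any atom the VM already knows is accepted,
  # whether or not it names a sortable column.
  def parse_loose(param) when is_binary(param) do
    {:ok, String.to_existing_atom(param)}
  rescue
    ArgumentError -> :error
  end

  # Strict: the raw string is compared against the whitelist and never converted
  # to an atom, so only a whitelisted column can be returned.
  def parse_strict(_param, nil), do: :error

  def parse_strict(param, columns) when is_binary(param) and is_list(columns) do
    case Enum.find(columns, &(Atom.to_string(&1) == param)) do
      nil -> :error
      column -> {:ok, column}
    end
  end

  def parse_strict(_param, _columns), do: :error

  # Whitelist inferred from the atom keys of the first row; no rows means no columns.
  def infer_columns([first | _]) when is_map(first) do
    first |> Map.keys() |> Enum.filter(&is_atom/1)
  end

  def infer_columns(_rows), do: []

  # An invalid param is ignored: the rows come back in their original order.
  def sort_rows(rows, param, direction \\ :asc) when direction in [:asc, :desc] do
    case parse_strict(param, infer_columns(rows)) do
      {:ok, column} -> Enum.sort_by(rows, &Map.get(&1, column), direction)
      :error -> rows
    end
  end
end

# Constructed sample rows.
rows = [%{name: "b", age: 30}, %{name: "a", age: 41}]

IO.inspect(SortWhitelistExample.sort_rows(rows, "name"))
# "sort_rows" is not a column, but it is an atom the VM already knows.
IO.inspect(SortWhitelistExample.parse_loose("sort_rows"))
IO.inspect(SortWhitelistExample.parse_strict("sort_rows", [:name, :age]))
IO.inspect(SortWhitelistExample.parse_strict("name", nil))
```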