fix(audit): exit silently on broken pipe

[fohte]

Purpose

• Piping runok audit --json | head -1 (or similar consumers that close stdout early) makes runok panic with failed printing to stdout: Broken pipe (os error 32), so a Rust backtrace is printed to stderr next to the JSON line

Reproduction steps

1. With at least one audit log entry recorded, run runok audit --json | head -1
2. One JSON line is printed, then the following panic backtrace lands on stderr

   thread 'main' panicked at library/std/src/io/stdio.rs:1165:9:
   failed printing to stdout: Broken pipe (os error 32)
   

Approach

• On Unix, restore the default SIGPIPE handler (SIG_DFL) at the start of main so the process exits silently on EPIPE
  • The Rust standard library installs SIG_IGN for SIGPIPE at startup, which turns pipe writes into io::Error and makes println! panic on the failure

# Before: backtrace is printed to stderr
$ runok audit --json | head -1
{"timestamp":...}
thread 'main' panicked at library/std/src/io/stdio.rs:1165:9:
failed printing to stdout: Broken pipe (os error 32)

# After: exits silently
$ runok audit --json | head -1
{"timestamp":...}

Design decisions

How to handle EPIPE

Decision	Design	Pros	Cons
Chosen	Restore SIGPIPE to SIG_DFL at the start of main	A single syscall covers every stdout/stderr writer in the binary	Requires an unsafe libc call
Rejected	Inspect the return value of writeln! per call site and swallow BrokenPipe	Cross-platform and needs no unsafe	The same handling has to be duplicated at every output site, and any future output path that forgets it brings the panic back

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 88.73%. Comparing base (23cc3e7) to head (a78e4c7).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #337      +/-   ##
==========================================
- Coverage   88.74%   88.73%   -0.02%     
==========================================
  Files          53       53              
  Lines       12163    12168       +5     
==========================================
+ Hits        10794    10797       +3     
- Misses       1369     1371       +2     

Flag	Coverage Δ
Linux	88.55% <100.00%> (-0.02%)	⬇️
macOS	89.91% <100.00%> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[gemini-code-assist]

Code Review

This pull request fixes a panic that occurs when runok audit --json is piped into a consumer that closes stdout early, such as head. The fix involves restoring the default SIGPIPE handler on Unix systems to ensure the process terminates silently on EPIPE. The changes include a new regression test and an update to the release notes. Feedback includes replacing a placeholder link in the documentation and optimizing string construction in the test suite by using String::with_capacity and writeln! to avoid inefficient repeated allocations.