feat: prompt for query placeholders before run

[killertux]

Summary

• Detect $1, $2, … and :name in user SQL and open a popup that collects values before dispatch.
• Substitute values as text — users type 'foo', 42, NULL, or any SQL expression; works identically across Postgres / MySQL / SQLite without per-driver bind plumbing.
• Persist the last execution's values per (connection, normalized SQL) under .rowdy/params/<conn>.json; re-running the same statement re-opens the popup pre-filled.

Notes

• Placeholder detection uses sqlparser::tokenizer, so $1 or :name inside string literals and comments are correctly ignored.
• MySQL admits $ as an identifier-start, so $N tokenizes as a Word there — handled explicitly.
• ? is intentionally not treated as a placeholder (would collide with LIKE '%?%').
• Help popover gained a "Query parameters popup" section.

Test plan

• cargo test — 575 passed (13 new in placeholders, 3 in param_history).
• cargo clippy — clean.
• Manual: SELECT * FROM pg_stat_activity WHERE pid = $1 → popup, enter pg_backend_pid(), runs. Re-run pre-fills.
• Manual: query without placeholders runs unchanged (regression).
• Manual: destructive query with placeholders (DELETE FROM t WHERE id = $1) shows destructive confirm first, then params popup.
• Manual: edit the query (rename a column) → popup is empty again (hash changed).
• Manual: quit & relaunch → same query/connection → values still pre-filled.