fix(snapshot): protect keeper transaction from idle drops (#9)

[valehdba]

Fixes #9.

Root cause

pgclone.schema() / pgclone.database() export a snapshot on a "keeper" connection and leave it idle-in-transaction for the bulk of the clone — hours, in the original report. Three independent paths can silently terminate that keeper and invalidate every subsequent SET TRANSACTION SNAPSHOT importer with the misleading server message ERROR: invalid snapshot identifier:

1. Firewall / NAT idle TCP drop on remote source connections (the reporter's case: ~2h 15min clone via host alias, classic perimeter idle timeout). The keeper had no keepalives=* in its conninfo, so the OS default (Linux: 7200s before the first probe) was far too lazy to keep the firewall warm.
2. idle_in_transaction_session_timeout on the source server — a common production safeguard that will kill the keeper without our consent.
3. statement_timeout firing on COMMIT.

PostgreSQL emits invalid snapshot identifier both for malformed IDs and for IDs whose backing file has been reaped, which is why the reporter's correctly-formatted PG 18 snapshot ID (000000A6-000C4299-1) was rejected — the keeper had been killed and the file removed.

Fix — four layers, all PG 14–18 compatible

• pgclone_connect_with_keepalives() — parse conninfo with PQconninfoParse, inject keepalives=1 keepalives_idle=30 keepalives_interval=10 keepalives_count=6 only if the user did not set them, connect via PQconnectdbParams. Handles both URI (postgresql://...) and keyword-form strings. ~90s drop detection.
• pgclone_begin_repeatable_read() — SET LOCAL idle_in_transaction_session_timeout = 0 and SET LOCAL statement_timeout = 0 inside the keeper transaction. Both PGC_USERSET; SET LOCAL reverts at COMMIT so pooled connections never leak settings.
• pgclone_begin_with_imported_snapshot() — when the server returns invalid snapshot identifier, attach a clear errhint naming the most likely causes and the {"consistent": false} opt-out.
• pgclone_keeper_ping() — cheap SELECT 1 on the keeper before each per-table call and before every sub-phase of pgclone_schema() (FK retry, views, functions, triggers) and pgclone_database() (per-schema loop). Surfaces a clear error naming the keeper instead of letting the next importer waste a COPY before hitting the misleading message.

Files changed

File	Change
src/pgclone.c	New helpers + harden keeper BEGIN + clearer errhint + 6 ping sites. Version string → 4.3.1.
pgclone.control	default_version = '4.3.1'
sql/pgclone--4.3.1.sql	New — identical to 4.3.0, no signature changes
sql/pgclone--4.3.0--4.3.1.sql	New — empty upgrade with changelog
test/test_snapshot_keeper.sh	New regression: sets idle_in_transaction_session_timeout = 1s on source role and runs a 5-table clone; without the fix the keeper is killed mid-loop.
test/run_tests.sh	Wires the new test into the Docker runner
.github/workflows/ci.yml	Adds the new test step (spaces only, fail-fast: false matrix preserved)
docs/ARCHITECTURE.md	New "Snapshot-keeper resilience (v4.3.1)" section

Verification

• Compiles clean against PG 16 in a fresh build (only the two pre-existing warnings at pgclone.c:3867 / :1089, both outside this diff).
• The CI matrix (14/15/16/17/18) will exercise the new keeper-resilience test on every supported version.
• No backward-compat break: existing conninfo strings are preserved (only injected keepalives if the user didn't set any); consistent=>false opt-out is unchanged.

After merge

git checkout main && git pull
git tag -a v4.3.1 -m "v4.3.1 — snapshot-keeper resilience (#9)"
git push origin v4.3.1

Then on the reporter's host:

make clean && make && sudo make install
psql -d itiniris_cl -c "ALTER EXTENSION pgclone UPDATE;"