feat: harden user file handling and gate LaunchServices rebuild (#159)

- add ensure_user_dir/ensure_user_file helpers in lib/core/base.sh, including
  sudo-aware ownership correction under the invoking user’s home
- use the helpers across clean/optimize/purge/uninstall/whitelist to create
  cache and export files safely (no naked mkdir/touch), including log files and
  dry-run exports
- ensure purge stats/count files and update message caches are pre-created with
  safe permissions
- add Darwin version helpers and skip LaunchServices/dyld rebuild on macOS 15+,
  keeping the existing corruption protection for earlier versions
- guard brew cache timestamp writes and TCC permission flags with safe file
  creation to avoid root-owned artifacts

lib/check/all.sh

@@ -174,7 +174,7 @@ CACHE_DIR="${HOME}/.cache/mole"
 CACHE_TTL=600 # 10 minutes in seconds
 
 # Ensure cache directory exists
-mkdir -p "$CACHE_DIR" 2> /dev/null || true
+ensure_user_dir "$CACHE_DIR"
 
 clear_cache_file() {
     local file="$1"
@@ -302,6 +302,7 @@ check_mole_update() {
             latest_version=$(curl -fsSL https://api.github.com/repos/tw93/mole/releases/latest 2> /dev/null | grep '"tag_name"' | sed -E 's/.*"v?([^"]+)".*/\1/' || echo "")
             # Save to cache
             if [[ -n "$latest_version" ]]; then
+                ensure_user_file "$cache_file"
                 echo "$latest_version" > "$cache_file" 2> /dev/null || true
             fi
         fi