fix: address audit findings — polling, symlinks, validation, wallpaper removal (v0.7.0)

Three parallel audits (quality, performance, security) identified issues
across the codebase. This commit addresses all remaining findings:

- Replace busy-loop polling in run_command with child.wait() + timeout thread
- Canonicalize ~/.face and AccountsService avatar paths to prevent symlink abuse
- Add detect_locale_with() DI function for testable locale detection
- Move config I/O from activate() to main() to avoid blocking GTK main loop
- Validate background_blur range (0–200), reject invalid values with warning
- Remove embedded wallpaper from GResource — moonarch provides it via filesystem
  (binary size ~3.2MB → ~1.3MB)

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "moonset"
-version = "0.6.0"
+version = "0.7.0"
 edition = "2024"
 description = "Wayland session power menu with GTK4 and Layer Shell"
 license = "MIT"
@@ -14,7 +14,7 @@ gdk-pixbuf = "0.22"
 toml = "0.8"
 dirs = "6"
 serde = { version = "1", features = ["derive"] }
-nix = { version = "0.29", features = ["user"] }
+nix = { version = "0.29", features = ["user", "signal"] }
 graphene-rs = { version = "0.22", package = "graphene-rs" }
 log = "0.4"
 systemd-journal-logger = "2.2"