refactor: harden ssh_config handling, mount path, and CLI UX from audit findings

Three rounds of audit-driven hardening, fully documented in DECISIONS.md:

- argv hardening: validate HostName/User/IdentityFile via allowlist regexes,
  parse Port via strconv.Atoi, surface ssh_config parse errors instead of
  silently swallowing them. Switch -o kernel_cache to auto_cache for network-
  FS correctness, pin StrictHostKeyChecking=accept-new.
- LOW-severity cleanup: -v verbose flag (default output is just the mount
  path), run_editor returns errors and main exits 7 on failure, ABOUTME
  headers, golang.org/x/sys v0.43.0 (go 1.25.0).
- Defense-in-depth + UX: rxIdentityFile first-character anchor rejects
  leading "-"/"."/":"/etc., verify_mount_dir resolves base via EvalSymlinks
  and refuses pre-existing symlinks at the mount path, flag.Usage shows the
  positional <Host> argument, run_editor uses cmd.Start() so cold-start
  Sublime does not block the terminal.
- CI: empty-PKGVER guard in update-pkgver workflow.
- Tests: verify_mount_dir path-traversal + symlink-reject coverage,
  rxHostUser/rxIdentityFile boundary cases.

go.mod

@@ -1,10 +1,10 @@
 module sshfsc
 
-go 1.23.4
-
-require github.com/kevinburke/ssh_config v1.2.0
+go 1.25.0
 
 require (
-	github.com/moby/sys/mountinfo v0.7.2 // indirect
-	golang.org/x/sys v0.1.0 // indirect
+	github.com/kevinburke/ssh_config v1.2.0
+	github.com/moby/sys/mountinfo v0.7.2
 )
+
+require golang.org/x/sys v0.43.0 // indirect