fix: rebase onto main, fix SQLite concurrency, lint clean

- Add busy_timeout PRAGMA and MaxOpenConns(1) for SQLite stability
- Use per-test temp DB in handler tests to prevent state leaks
- Pre-allocate migrations slice (prealloc lint)
- Remove invalid linter names (wsl_v5, noinlineerr) from .golangci.yml
- Remove unused //nolint:gosec directives
- Replace context.Background() with t.Context() in tests
- Use goimports formatting for all files
- All make check passes with zero failures

internal/handlers/api_test.go

@@ -8,6 +8,7 @@ import (
 	"io"
 	"net/http"
 	"net/http/httptest"
+	"path/filepath"
 	"strings"
 	"sync"
 	"testing"
@@ -35,6 +36,10 @@ type testServer struct {
 func newTestServer(t *testing.T) *testServer {
 	t.Helper()
 
+	// Use a unique DB per test to avoid SQLite BUSY and state leaks.
+	dbPath := filepath.Join(t.TempDir(), "test.db")
+	t.Setenv("DBURL", "file:"+dbPath+"?_journal_mode=WAL&_busy_timeout=5000")
+
 	var s *server.Server
 
 	app := fxtest.New(t,
@@ -158,7 +163,7 @@ func (ts *testServer) doReq(
 		req.Header.Set("Content-Type", "application/json")
 	}
 
-	return http.DefaultClient.Do(req) //nolint:gosec // test server URL
+	return http.DefaultClient.Do(req)
 }
 
 func (ts *testServer) doReqAuth(
@@ -181,7 +186,7 @@ func (ts *testServer) doReqAuth(
 		req.Header.Set("Authorization", "Bearer "+token)
 	}
 
-	return http.DefaultClient.Do(req) //nolint:gosec // test server URL
+	return http.DefaultClient.Do(req)
 }
 
 func (ts *testServer) createSession(nick string) string {
@@ -984,7 +989,7 @@ func TestConcurrentSessions(t *testing.T) {
 		go func(i int) {
 			defer wg.Done()
 
-			nick := "concurrent_" + string(rune('a'+i)) //nolint:gosec // i is 0-19, safe range
+			nick := "concurrent_" + string(rune('a'+i))
 
 			body, err := json.Marshal(map[string]string{"nick": nick})
 			if err != nil {