chore: 2.0.0-alpha.9 — security & correctness hardening (Void 3.0 quick wins)

- Q3: prod void DB role NOSUPERUSER (vector marked trusted; deploy/README documents it)
- Q4: buildChildEnv allow-list for the claude subprocess (no OWNER_TOKEN/DATABASE_URL/secrets leak)
- Q5: pending-change approve claims-before-applying + reopens on failure (no re-approvable dup)
- Q6: /capture/upload validates space_id (UUID+existence); pg pool statement_timeout 30s
- Q9: disabled failing syncoid-donatello timer on Z

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

lib/api/routes/pending_changes.js

@@ -74,8 +74,17 @@ router.post('/:id/approve',
     if (row.status !== 'pending') {
       throw new ConflictError(`pending change is already ${row.status}`);
     }
-    const entity_id = await applyPendingChange(row, req.actor);
+    // Claim atomically BEFORE applying: resolve() guards `WHERE status='pending'`,
+    // so a crash/retry can't double-apply (the create path would duplicate).
     const resolved = await pendingRepo.resolve(req.params.id, 'approved', req.actor?.id ?? 'owner');
+    if (!resolved) throw new ConflictError('pending change is already resolved');
+    let entity_id;
+    try {
+      entity_id = await applyPendingChange(row, req.actor);
+    } catch (e) {
+      await pendingRepo.reopen(req.params.id);   // un-claim so the owner can retry
+      throw e;
+    }
     await audit.recordAudit(
       req.actor, 'approve', row.entity_type, entity_id,
       null, { pending_id: row.id, original_agent_id: row.agent_id, action: row.action }