Minor robustness improvements
- add safety check when converting file descriptor (`os.File.Fd()`) to `int`
- check that file descriptor returned by Open (on Linux) is non-negative before converting to `uintptr`. This addresses a linter warning for a most-likely-non-existent-edge-case of converting a negative file descriptor.
- check that parsed content IDs (hashes) do not exceed the maximum id hash length.
- add nolint annotation for safe conversion
- upgrade to golangci-lint 2.6.1
- updates for gosec
- updates for govet
- updates for perfsprint
- updates modernize
Leaves out modernize:omitempty due to conflicts with tests
* use `os.CreateTemp` in `tempfile.CreateAutoDelete`
* refactor `TestTempFile`: add `VerifyTempfile` test helper
* add test for `createUnixFallback`
* rename function to `tempfile.CreateAutoDelete`
* remove the `dir` parameter to `tempfile.CreateAutoDelete`,
only an empty string was passed, apart from test cases.
* guard against panic in TestShadowCopy
