fix: sanitize FTS5 queries and close mirror DB connections #565

Merged: teknium1 merged 1 commit into NousResearch:main from 0xbyt4:fix/fts5-query-crash-and-mirror-leak on Mar 10, 2026

@0xbyt4 (Contributor) commented Mar 7, 2026

Summary

Two bugs fixed:

  • FTS5 query crash: search_messages() raises sqlite3.OperationalError when user queries contain FTS5 special characters (C++, "unterminated, (problem, hello AND, ***, {test}). Added _sanitize_fts5_query() to strip dangerous operators, plus a fallback try-except for edge cases.
  • Mirror DB connection leak: _append_to_sqlite() in gateway/mirror.py creates a new SessionDB() per call but never closes it, leaking SQLite connections over time. Added finally block to ensure db.close() is always called.

Reproduction

FTS5 crash (before fix):

db.search_messages('C++')        # OperationalError: fts5: syntax error near "+"
db.search_messages('"unterminated')  # OperationalError: unterminated string
db.search_messages('(problem')    # OperationalError: fts5: syntax error near ""
db.search_messages('hello AND')   # OperationalError: fts5: syntax error near ""
db.search_messages('***')         # OperationalError: unknown special query: **
db.search_messages('{test}')      # OperationalError: no such column: test

Test plan

  • test_search_special_chars_do_not_crash — 8 dangerous queries that previously crashed now return lists
  • test_search_sanitized_query_still_finds_content — sanitized queries still find matching content
  • test_sanitize_fts5_query_strips_dangerous_chars — unit test for the sanitizer
  • test_connection_is_closed_after_use — verifies db.close() is called after mirror write
  • test_connection_closed_even_on_error — verifies db.close() is called even when append fails
  • All 52 tests pass (tests/test_hermes_state.py + tests/gateway/test_mirror.py)

Two bugs fixed:

1. search_messages() crashes with OperationalError when user queries
   contain FTS5 special characters (+, ", (, {, dangling AND/OR, etc).
   Added _sanitize_fts5_query() to strip dangerous operators and a
   fallback try-except for edge cases.

2. _append_to_sqlite() in mirror.py creates a new SessionDB per call
   but never closes it, leaking SQLite connections. Added finally block
   to ensure db.close() is always called.
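
An added example (not the PR's code) of the two layers the description outlines: sanitize the user query before it reaches MATCH, then catch sqlite3.OperationalError as a fallback, with the connection closed in a finally block. The table name messages_fts, the sample rows and the functions sanitize_fts5_query, raw_search, search_messages and demo are assumptions made for this illustration; it quotes each term rather than reproducing the project's _sanitize_fts5_query().

```python
import re
import sqlite3

OPERATORS = {"AND", "OR", "NOT"}  # FTS5 boolean keywords (uppercase only)

def make_db():
    # Constructed sample data; table and column names are assumptions.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE VIRTUAL TABLE messages_fts USING fts5(content)")
    conn.executemany("INSERT INTO messages_fts(content) VALUES (?)",
                     [("learning C++ templates",), ("hello world",),
                      ("a test problem",)])
    return conn

def raw_search(conn, query):
    # Pre-fix behaviour: user text goes straight into the MATCH expression.
    # Parameter binding stops SQL injection but not FTS5 syntax errors.
    sql = "SELECT content FROM messages_fts WHERE messages_fts MATCH ?"
    return [r[0] for r in conn.execute(sql, (query,))]

def sanitize_fts5_query(query):
    # Keep only word tokens, drop dangling boolean operators at either end,
    # and quote every remaining term so FTS5 reads it as a string literal.
    tokens = re.findall(r"\w+", query)
    while tokens and tokens[0] in OPERATORS:
        tokens.pop(0)
    while tokens and tokens[-1] in OPERATORS:
        tokens.pop()
    return " ".join(t if t in OPERATORS else f'"{t}"' for t in tokens)

def search_messages(conn, query):
    match = sanitize_fts5_query(query)
    if not match:                      # nothing searchable left, e.g. '***'
        return []
    try:
        return raw_search(conn, match)
    except sqlite3.OperationalError:   # fallback, e.g. 'a AND OR b'
        return []

def demo(queries):
    conn = make_db()
    try:
        return {q: search_messages(conn, q) for q in queries}
    finally:
        conn.close()                   # released even if a search raises

if __name__ == "__main__":
    for q, hits in demo(['C++', '"unterminated', '(problem', 'hello AND',
                         '***', '{test}']).items():
        print(repr(q), "->", hits)
```

Quoting every term trades away FTS5 prefix and column-filter syntax for user input, which is usually the right default for a free-text search box.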
@teknium1 merged commit 60d3f79 into NousResearch:main on Mar 10, 2026
1 check passed
@teknium1 (Contributor)

Merged in commit 60d3f79. Thanks for the clean fix @0xbyt4 — both the FTS5 sanitization and mirror connection leak are solid. Your second contribution, appreciated!
