Refactor global variable handling for improved test safety

[fajarhide]

PR Auto Describe

🚀 Summary

This PR eliminates all unsafe environment mutation from test code, fixes flaky parallel test execution, and refactors env sanitization for testability. No production runtime behaviour is modified - all changes are pure refactoring and test infrastructure improvements.

---

🔑 Key Changes

1. ✅ Removed every unsafe env modification across all test suites
2. ✅ Eliminated global test locks, all tests now run safely in parallel
3. ✅ Extracted sanitization logic to accept mock input
4. ✅ Implemented thread-local mocking for transcript directory resolution

---

📋 Detailed Breakdown

src/guard/env.rs

• Extracted core sanitization logic into new public sanitize_vars() accepting arbitrary env iterators
• Original sanitize_env() remains fully backwards compatible, now delegates to new function
• Rewrote all unit tests to use in-memory mock environments instead of modifying process state
• Removed all unsafe blocks and test env cleanup boilerplate

src/store/transcript.rs

• Added test-only thread-local MOCK_TRANSCRIPT_DIR override
• transcripts_dir() will prefer mock value when running under test
• Removed global TEST_LOCK mutex that forced sequential test execution
• Updated all 11 transcript tests to use thread-local mocking

Other files

• Updated dispatcher.rs / session_start.rs tests to remove unsafe env writes
• Rewrote all security test sanitization checks to use mock input
• Removed all per-test environment cleanup logic

---

🧠 Notes

100% of production runtime behaviour is unchanged. This is exclusively test quality and maintainability work. No sanitization logic, storage behaviour or user facing functionality was altered.

---

⚠️ Breaking Changes

None. All existing public APIs are preserved exactly.