feat: harden query preview cleanup restore artifact integrity

[cafitac]

Summary

• Make query-preview cleanup restore dry-run fail closed on tampered rollback artifact metadata.
• Report structured read-only JSON for wrong policy/kind and artifact integrity failures instead of raising or proceeding.
• Add aggregate/hash-only artifact integrity metadata for operation validity, declared row-count match, and duplicate row-id detection.
• Update G4a handoff/roadmap docs while keeping broad G4 apply and live restore blocked.

Tests

• uv run pytest tests/test_cli.py::test_python_module_cli_dogfood_query_preview_cleanup_restore_dry_run_validates_artifact_without_mutation_or_leaks tests/test_cli.py::test_python_module_cli_dogfood_query_preview_cleanup_restore_dry_run_blocks_source_database_mismatch tests/test_cli.py::test_python_module_cli_dogfood_query_preview_cleanup_restore_dry_run_reports_wrong_policy_as_read_only_error tests/test_cli.py::test_python_module_cli_dogfood_query_preview_cleanup_restore_dry_run_blocks_artifact_integrity_mismatch -q
• uv run pytest tests/ -q
• uv run ruff check src tests
• git diff --check
• local smoke: /tmp/agent-memory-restore-integrity-smoke

Safety

• Restore dry-run remains read-only and non-mutating.
• Live restore remains unavailable.
• Raw query previews and token-like strings are not printed.
• Broad G4 apply remains blocked.