
sqlite: add permission model checks to DatabaseSync #62957

Open
mcollina wants to merge 1 commit into nodejs:main from mcollina:sqlite-permission-checks

@mcollina
Member

Add permission model enforcement to DatabaseSync::Open().

  • File-backed databases check kFileSystemRead (readOnly) or kFileSystemWrite (read-write) before calling sqlite3_open_v2.
  • In-memory databases (:memory:) are exempt.

Known limitation: db.exec() with ATTACH DATABASE SQL can still access arbitrary files at runtime. This would require parsing SQL to intercept ATTACH statements. Should we address that in this PR or a follow-up?
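
An added example, not part of this pull request or of Node.js: SQLite's authorizer callback (`sqlite3_set_authorizer` in the C API) is consulted while each statement is compiled and can refuse `ATTACH` by action code. The sketch uses Python's standard-library `sqlite3` binding to the same API so that it runs stand-alone; `open_guarded`, `try_attach` and `demo` are hypothetical names and the database file is constructed sample data.

```python
import os
import sqlite3
import tempfile


def open_guarded(path, allow_attach=False):
    """Open a connection whose authorizer refuses ATTACH/DETACH (hypothetical helper)."""
    conn = sqlite3.connect(path)

    def authorizer(action, arg1, arg2, db_name, source):
        # SQLite invokes this while compiling every statement, so the check
        # applies to any SQL text handed to the connection. For SQLITE_ATTACH,
        # arg1 is the filename when it is written as a string literal.
        if action in (sqlite3.SQLITE_ATTACH, sqlite3.SQLITE_DETACH):
            return sqlite3.SQLITE_OK if allow_attach else sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK

    conn.set_authorizer(authorizer)
    return conn


def try_attach(conn, other_path):
    """Return True if ATTACH succeeded, False if SQLite reported an error."""
    try:
        conn.execute("ATTACH DATABASE ? AS other", (other_path,))
        return True
    except sqlite3.DatabaseError:
        return False


def demo():
    """Constructed scenario: a second database file outside the opened one."""
    with tempfile.TemporaryDirectory() as tmp:
        other = os.path.join(tmp, "other.db")
        seed = sqlite3.connect(other)
        seed.execute("CREATE TABLE notes (v TEXT)")
        seed.commit()
        seed.close()

        results = {}
        for label, allow in (("guarded", False), ("unguarded", True)):
            conn = open_guarded(":memory:", allow_attach=allow)
            results[label] = try_attach(conn, other)
            conn.execute("CREATE TABLE t (x)")  # ordinary statements still pass
            conn.close()
        return results


if __name__ == "__main__":
    print(demo())
```
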

@nodejs-github-bot
Collaborator

Review requested:

  • @nodejs/security-wg
  • @nodejs/sqlite

@nodejs-github-bot added the c++, needs-ci and sqlite labels Apr 25, 2026
@codecov

codecov Bot commented Apr 25, 2026

Codecov Report

❌ Patch coverage is 66.66667% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 89.65%. Comparing base (ce6e451) to head (877530d).
⚠️ Report is 388 commits behind head on main.

Files with missing lines Patch % Lines
src/node_sqlite.cc 66.66% 3 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main   #62957      +/-   ##
==========================================
- Coverage   89.65%   89.65%   -0.01%     
==========================================
  Files         676      706      +30     
  Lines      206578   219401   +12823     
  Branches    39562    42073    +2511     
==========================================
+ Hits       185216   196709   +11493     
- Misses      13475    14577    +1102     
- Partials     7887     8115     +228     
Files with missing lines Coverage Δ
src/node_sqlite.cc 80.66% <66.66%> (-0.14%) ⬇️

... and 222 files with indirect coverage changes


Add permission model enforcement to DatabaseSync::Open().
File-backed databases now check kFileSystemRead (readOnly) or
kFileSystemWrite (read-write) before calling sqlite3_open_v2.
In-memory databases (:memory:) are exempt.

Refs: https://hackerone.com/reports/3686625

@mcollina force-pushed the sqlite-permission-checks branch from 8ffad93 to 877530d April 25, 2026 19:10