fix: Bind single-quote-containing config values via readfile() instead of .param set

[mvanhorn]

Summary

The shared team-registry scripts bind config.json into sqlite3 by interpolating it into a .param set :json '<config>' dot-command. The sqlite3 shell's dot-command tokenizer does not honor SQL '' escaping, so any config value containing a single quote (e.g.

Changes

Replace each .param set :json '<config>' dot-command in whoami.sh, identities.sh, and join.sh with the same pattern resolve_team already uses: read the config file inside SQL via readfile('<path>') CAST to TEXT, or interpolate the value as a SQL string literal with proper '' doubling. Audit each of the three scripts for every .param set :json site and convert them uniformly so paths and names with apostrophes are handled everywhere.

Fixes #112

[fujibee]

@mvanhorn

Thanks for this — and for auditing all three .param set :json sites uniformly. The branch has fallen behind main and now conflicts. The script changes (join.sh / identities.sh / whoami.sh) still merge cleanly; the only real conflict is in tests/test_team.bats, where main has since gained the #140 path-traversal tests in the same region your tests landed.

Could you rebase onto current main and resolve that one? Keeping both test blocks is all that's needed. Once it's mergeable we'll take a full review pass. Thanks!

[fujibee]

@mvanhorn

Thanks again for this, and for the uniform audit of all three .param set sites. Since the rebase request, main has moved further: #180 (the sqlite CRLF fix) landed on the same three scripts plus test_team.bats, so the conflict is now broader — and there's a related gap your patch couldn't have known about, resolve-project.sh carries the same .param set issue and needs the same readfile() treatment.

Rather than have you chase a moving target, we'll fold your change in directly — your commits as the base, reconciled with #180's CR-stripping, plus resolve-project.sh — in a follow-up PR that credits you (Co-authored-by). The #112 fix is squarely worth landing; this just gets it in faster without you rebasing through churn that's on our side.

I'll link the PR here. Thanks for kicking this off! 🙏

[fujibee]

Folded into #185 — your commit carried as the base (credited via Co-authored-by), rebased onto main, reconciled with #180's CR-stripping, and the shared agmsg_registered_projects helper in resolve-project.sh fixed too (so the local overrides could be dropped). Single-quote tests pass and .param set is gone from the registry scripts. Will close this in favour of #185 once it lands — thanks again, @mvanhorn! 🙏

[fujibee]

Landed as #185 (merged) — your commit carried as the base with Co-authored-by credit. Closing in its favour. Thanks again, @mvanhorn! 🙏