fix(cli): check strchr return for NULL before dereference in -O handler

[somethingwithproof]

When -O is passed without a colon separator, strchr returns NULL. The next line dereferences it unconditionally, causing a segfault. Add NULL check before dereference.

[Copilot]

Pull request overview

Fixes a CLI crash in spine when -O/--option is provided without a : separator by guarding against strchr() returning NULL.

Changes:

• Add a NULL check before dereferencing the pointer returned by strchr() in -O/--option parsing.

Comments suppressed due to low confidence (1)

spine.c:426

• The && *value clause is redundant here: when value != NULL, value points at the ':' character, so *value is always non-zero. If the intent is to validate that both setting and value are present (per --option=S:V), consider checking that there is at least one character after the ':' (e.g., value[1] != '\0') and optionally that setting is non-empty before calling set_option(); otherwise simplify the condition to just if (value != NULL) to avoid implying stronger validation than is actually performed.

			if (value != NULL && *value) {
				*value++ = '\0';
			} else {
				die("ERROR: -O requires setting:value");
			}

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[somethingwithproof]

Code-reviewed as part of a batch with #525-#531. These 7 atomic bug fixes are independent of each other and can be merged in any order; recommend bundling into a single dated release. The Windows/CMake work in #523/#524 should follow this batch, and #512 (production CI pipeline) should be split into smaller PRs before review.