Scope borrow-checking to unsafe contexts for pointer-backed indexed mutation

[Copilot]

Borrow checking should not be a default runtime behavior; it should apply only inside unsafe classes/methods where pointer operations are permitted. This change introduces unsafe-scoped borrow enforcement for indexed writes to prevent mutating locations that are actively borrowed.

• Unsafe-scoped enforcement

  • Borrow checks are now gated behind unsafe execution context detection (unsafe method/class context).
  • Safe/default code paths remain unchanged.

• Indexed mutation guard

  • Added runtime guard in indexed assignment flow (array[index] = value) for both NaturalArray and List targets.
  • Before mutation, the handler detects active borrows of the same container+index via live PointerValue references.

• Borrow source coverage

  • Active pointer scans include:
    • local scope stack
    • object instance fields
    • slot values
  • Violations raise a dedicated borrow-check runtime error for mutation-while-borrowed.

• Code cleanup

  • Consolidated duplicate borrow-violation message text into a single constant/helper for consistency.

• Example behavior

  share unsafe BorrowBox {
      buffer: u8[4]
  
      share unsafe trigger() {
          p: *u8 = &buffer[0]
          buffer[0] = 2   // now rejected: location is actively borrowed by p
      }
  }