feat: auto-update via release channel polling

[justrach]

Summary

Add a background auto-update mechanism that polls the GitHub release channel and updates the binary when a new version is available.

Proposed Behavior

1. On startup (MCP or CLI), check the latest release tag from https://api.github.com/repos/justrach/codedb/releases/latest (cached, max once per 24h)
2. Compare against current version (codedb --version)
3. If a newer version exists:
   • MCP mode: send an MCP notification: "codedb v0.3.0 available, run 'codedb update' to upgrade"
   • CLI mode: print a one-line notice to stderr
4. codedb update downloads the new binary with checksum verification (see security: installer downloads binary without integrity verification #120) and replaces itself

Design Considerations

• Check should be non-blocking (background thread or async)
• Cache the last-checked timestamp in ~/.codedb/update-check to avoid hammering the API
• Respect --no-telemetry / CODEDB_NO_TELEMETRY — if telemetry is disabled, skip update checks too (or add a separate CODEDB_NO_UPDATE_CHECK)
• The actual update should verify SHA256 checksums before replacing the binary (relates to security: installer downloads binary without integrity verification #120)

Non-goals

• No silent auto-replacement — always inform the user and require explicit codedb update
• No rollback mechanism in v1 (can add later)