Commit 3a71dbb
Fix config and CLI correctness/safety bugs in pilotctl (#313)

* Fix config and CLI correctness/safety bugs in pilotctl

config.json now writes atomically (temp file + fsync + rename) at 0600
and no longer inherits loose permissions from a pre-existing file, since
it holds admin_token and other secrets. loadConfig distinguishes a
missing config (silent, defaults apply) from an unreadable or corrupt one
(logged). configDir honors PILOT_HOME so state can be relocated without
rewriting $HOME.

set-hostname/clear-hostname now report saveConfig failures instead of
letting persisted config silently diverge from the running daemon.

Pipe-mode stdin reads raise the bufio.Scanner buffer to 16 MiB and check
scanner.Err() so long lines and read errors no longer fail silently.

send-message --json --wait emits a single JSON document (the reply is
folded into the envelope) so machine parsers don't choke on two
concatenated documents.

bench validates the size argument (rejects non-positive, NaN/Inf, and
absurd values, caps at 4 GiB) before dialing.

traceroute checks the conn.Write error before reading the response.

parseFlags accepts flag values that begin with "-" (negative numbers,
bare "-" for stdin, "-3x") via isFlagValue, while still treating
"--name"/"-name" tokens as the next flag.

daemon stop now discovers the daemon PID from the socket owner (lsof)
when the PID file is missing, instead of punting to a manual kill.

ping, traceroute, connect, and bench dials use DialAddrTimeout so a
timed-out command cancels the daemon-side dial rather than leaving a
dangling connection or leaking a goroutine.

* Annotate benign gosec findings in pilotctl config/stop paths

---------

Co-authored-by: Teodor Calin <teodor@vulturelabs.io>

1 parent 1af21d4 commit 3a71dbb
5 files changed
Lines changed: 463 additions & 85 deletions
0 commit comments
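
The atomic 0600 config write described in the commit message (temp file + fsync + rename, no inherited permissions), as an added Go example that is not pilotctl's own code. `writeConfigAtomic` is a hypothetical helper name, and the file contents and paths are constructed.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// writeConfigAtomic is a hypothetical helper, not pilotctl's saveConfig.
// The temp file lives beside the target so the rename stays on one filesystem.
func writeConfigAtomic(path string, data []byte) (err error) {
	tmp, err := os.CreateTemp(filepath.Dir(path), ".config-*.tmp")
	if err != nil {
		return err
	}
	defer func() {
		if err != nil { // any failure: drop the partial temp file
			tmp.Close()
			os.Remove(tmp.Name())
		}
	}()
	if err = tmp.Chmod(0o600); err != nil { // mode set on the new inode only
		return err
	}
	if _, err = tmp.Write(data); err != nil {
		return err
	}
	if err = tmp.Sync(); err != nil { // flush data before it becomes visible
		return err
	}
	if err = tmp.Close(); err != nil {
		return err
	}
	return os.Rename(tmp.Name(), path) // readers see old or new, never a mix
}

func main() {
	dir, err := os.MkdirTemp("", "pilot-example")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	path := filepath.Join(dir, "config.json")
	os.WriteFile(path, []byte("{}"), 0o644) // constructed loose pre-existing file
	if err := writeConfigAtomic(path, []byte(`{"admin_token":"constructed"}`)); err != nil {
		panic(err)
	}
	fi, _ := os.Stat(path)
	fmt.Printf("mode after save: %o\n", fi.Mode().Perm())
}
```

Because the rename swaps in a new inode, the mode of the file it replaces never carries over, which is why a previously world-readable config ends up at 0600.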