Validate key file permissions on startup

## Problem
If identity.age has weak permissions (world-readable), we should fail fast with clear error.

## Pattern from Go CLI Books
Security best practice from both CLI books:

```go
func validateKeyPermissions(path string) error {
    info, err := os.Stat(path)
    if err != nil {
        return err
    }
    
    mode := info.Mode().Perm()
    if mode&0077 != 0 {
        return fmt.Errorf(
            "key file %s has insecure permissions %o\n"+
            "Expected 0600 (owner read/write only)\n"+
            "Fix with: chmod 600 %s",
            path, mode, path,
        )
    }
    return nil
}
```

## Action Items
- [ ] Add permission check in `internal/store/store.go` on load
- [ ] Check identity.age, secrets.age, socket file
- [ ] Fail with clear error message and fix command
- [ ] Add `--skip-permission-check` flag for edge cases

## Book References
- Search: `pdf-brain search "file permission security" --fts --expand 2000`
- Search: `pdf-brain search "chmod 600 credential" --fts --expand 2000`

## Priority
P3 - Security hardening

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Validate key file permissions on startup #17

Problem

Pattern from Go CLI Books

Action Items

Book References

Priority

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Validate key file permissions on startup #17

Description

Problem

Pattern from Go CLI Books

Action Items

Book References

Priority

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions