@sigfawn commented Jan 2, 2026

Title: refactor: remove naive XSS blocking and extract magic numbers

Description:
Do not block <script> at the validation layer.

Data Integrity: If the database refuses to store text, it is essentially corrupting user intent.

Database Role: Should store text faithfully; use parameterized queries to prevent SQL Injection.

Frontend Role: Should render text safely; use escaping/sanitization to prevent XSS.

Result: Blocking input creates false security and breaks valid inputs.

Extracted Constants: Magic numbers (e.g., 10000, 255) are now defined as MAX_TASK_LENGTH, MAX_SESSION_ID_LENGTH, etc., at the top of the file.

3. Backend Factory Refactor

  • Fix: Refactored createBackend in factory.ts to solve a race condition where `initialize()`
    could be called twice on the same backend instance.
  • Improvement: Adopted a "path-based" flow that separates RuVector creation from HNSWLib
    creation. Each path now returns early upon success, making the initialization logic deterministic
    and safer.

4. Vector Interface Standardization

  • Fix: Added initialize(): Promise<void> to the VectorBackend interface.
  • Result: Resolves TypeScript contract violations in the factory and ensures all future backends
    implement a standard async startup sequence.

5. Unified Backend Lifecycle

  • Fix: Added initialize(): Promise<void> to GraphBackend and LearningBackend interfaces.
  • Improvement: All backend types (Vector, Graph, Learning) now share a consistent async
    lifecycle contract. This enables predictable startup orchestration and future-proofs the system for
    complex backends (e.g., Rust/WASM bridges, remote connections) that require initialization time.
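
The layering argued for in the description above, as an added TypeScript example that is not code from this pull request: validation checks length only, storage binds the text as a query parameter, and the renderer escapes at output time. Only the constant names come from the description; pairing them with 10000 and 255, the function names, the `tasks` table and the sample strings are assumptions.

```typescript
// Added illustration, not the project's code. Constant names are from the PR
// description; their pairing with 10000 and 255 is assumed.
const MAX_TASK_LENGTH = 10000;
const MAX_SESSION_ID_LENGTH = 255;

type Result = { ok: true } | { ok: false; reason: string };

// Hypothetical reconstruction of the removed style of check: reject on a substring.
function naiveBlocklistValidate(task: string): Result {
  return /<script/i.test(task)
    ? { ok: false, reason: "contains <script>" }
    : { ok: true };
}

// Validation layer: structural limits only, no content filtering.
function validateTask(sessionId: string, task: string): Result {
  if (sessionId.length > MAX_SESSION_ID_LENGTH) {
    return { ok: false, reason: "session id too long" };
  }
  if (task.length > MAX_TASK_LENGTH) {
    return { ok: false, reason: "task too long" };
  }
  return { ok: true };
}

// Storage layer: the text travels as a bound parameter and is never spliced
// into the SQL string. Table and column names are hypothetical.
function buildInsert(sessionId: string, task: string): { sql: string; params: string[] } {
  return {
    sql: "INSERT INTO tasks (session_id, task) VALUES (?, ?)",
    params: [sessionId, task],
  };
}

const HTML_ESCAPES: Record<string, string> = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Rendering layer: escape for HTML text and quoted-attribute contexts at output time.
function escapeHtml(text: string): string {
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch] ?? ch);
}

// Constructed sample inputs.
const LEGITIMATE_TASK = "Explain why <script> tags block rendering";
const MARKUP_WITHOUT_SCRIPT_TAG = '<b onclick="f()">hi</b>';
```

The blocklist rejects `LEGITIMATE_TASK` yet accepts `MARKUP_WITHOUT_SCRIPT_TAG`, while `escapeHtml` renders both as inert text.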
