v0.8.6 feat: in-app self-update — 'deepseek update' fetches and replaces the binary

[Hmbown]

Pitch

opencode parity. Today users update via `npm install -g deepseek-tui@latest` or `cargo install`. Both work but require remembering the right invocation. `deepseek update` (and a footer "new version available" chip) does it inline:

1. Check the GitHub release feed for a newer tag.
2. Download the platform-correct artifact + SHA256 manifest from the matching release.
3. Verify the checksum.
4. Atomic-rename into place at the running binary's path.
5. Re-exec with the same args.

Implementation sketch

• New `crates/cli/src/update.rs`. Uses existing `reqwest` + `sha2` deps.
• Subcommand: `deepseek update` (CLI), `/update` (TUI slash command).
• TUI passive check: every 24 h hit `api.github.com/repos/Hmbown/DeepSeek-TUI/releases/latest` (cache result), surface as a footer chip when a new version is out.
• Refuses to update when running a non-tagged dev build.

Acceptance

• `deepseek update` fetches, verifies, replaces in-place on macOS / Linux / Windows.
• Footer chip surfaces new version availability without prompting.
• No update when the binary path is read-only (graceful error).
• Standard verification gates pass.