fix: guard json.loads() and use atomic writes for persistent state

[annguyenNous]

Problem

Multiple files have unguarded json.loads() calls that crash on malformed/non-JSON responses, and several persistent state files use non-atomic write_text() that can corrupt on crash.

Fix

JSON decode guards (5 files):

• weixin.py: _api_post() and _api_get() now catch json.JSONDecodeError and raise descriptive RuntimeError
• browser_cdp_tool.py: Malformed CDP WebSocket frames are skipped instead of crashing the attach-to-target loop
• osv_check.py: Non-JSON OSV API responses (502/503 HTML) return [] instead of crashing
• api_server.py: Corrupted SQLite cache entries return None instead of propagating JSONDecodeError

Atomic writes (6 files):

• skills_hub.py: HubLockFile and HubTapFile now use atomic_json_write() (temp+fsync+replace)
• model_metadata.py: Context length cache uses atomic_yaml_write()
• delivery.py: Cron delivery output uses tempfile+fsync+os.replace
• run.py: Voice mode preferences use atomic_json_write()
• environments/base.py: JSON store uses atomic_json_write()
• checkpoint_manager.py: Project metadata uses atomic_json_write()

Resource management (1 file):

• vision_tools.py: PIL Image.open() handle now closed in finally block to prevent fd leak during resize loops

Before vs After

File	Before	After
weixin.py API calls	json.JSONDecodeError crash on non-200 HTML	RuntimeError with context
CDP WebSocket	Crash on malformed frame	Skip and continue
osv_check.py	Crash on 502 HTML body	Return empty list
api_server.py cache	Crash on corrupted SQLite	Return None (cache miss)
skills_hub.py writes	Partial write on crash	Atomic replace
model_metadata.py cache	Corrupted YAML on crash	Atomic replace
vision_tools.py	PIL fd leak until GC	Explicit close in finally

Tests

• All 11 modified files pass py_compile syntax check
• Zero behavioral changes for happy paths — only error handling improved