feat: crash recovery and graceful shutdown (story 1.9)

[vieiralucas]

Summary

• Implement crash recovery that scans for expired leases on startup and reclaims them so messages re-enter the ready pool
• Add WAL flush on graceful shutdown to ensure all writes are durable before exit
• Add parse_lease_expiry_key() for extracting queue_id and msg_id from expiry keys
• Add flush() method to Storage trait, implemented via flush_wal(true) in RocksDB

Test plan

• recovery_preserves_messages_after_restart — enqueue 5 messages, restart scheduler, verify all delivered
• recovery_reclaims_expired_leases — create expired lease, restart, verify reclaimed and message delivered to consumer
• recovery_preserves_queue_definitions — create 3 queues, restart, verify all present
• shutdown_flushes_wal — enqueue, shutdown, reopen storage from disk, verify data survived
• 51 tests pass, clippy clean, fmt clean

Recreated after GitHub auto-closed the original PR #9

---

Summary by cubic

Adds crash recovery and graceful shutdown so the broker survives restarts without message loss. On startup we reclaim expired leases and return messages to the ready pool; on shutdown we flush the RocksDB WAL for durability. (Linear story 1.9)

• New Features
  • Recovery: run at scheduler start; scan lease_expiry up to now; atomically delete expired lease and expiry; return messages to ready; skip corrupt expiry keys; preserve non-expired leases; log reclaimed and queue_count.
  • Shutdown: add Storage::flush (RocksDB flush_wal(true)); call on exit.
  • Utilities: add parse_lease_expiry_key.
  • Tests: verify message persistence across restart, expired lease reclamation and delivery, queue definitions survival, WAL flush durability, parse_lease_expiry_key roundtrip and corrupt input rejection, and that recovery skips corrupt keys and keeps active leases.

^{Written for commit 7cd3970. Summary will update on new commits.}

[cubic-dev-ai]

No issues found across 6 files