[DEV] Add file locking for concurrent operation safety

[CarloQuick]

[DEV] Add file locking for concurrent operation safety

Description

Add file-based locking to prevent race conditions when multiple bento commands target the same container simultaneously.

Technical Approach

Research:

• man 2 flock (advisory locking)
• Rust: fs2 crate or nix::fcntl::flock
• TOCTOU (time-of-check to time-of-use) pattern

Files to modify:

• runtime.rs: Wrap operations in lock acquisition
• Possibly extract locking into shared helper

Lock target options:

• Lock the container's bento_config.json
• Lock a dedicated .lock file per container

Testing:

• Concurrent bento start commands → one succeeds, one fails/blocks
• Lock released on error path
• Lock released on success path

Dependencies

Depends on #50 (state validation)

Background/Context

Background/Context

PR #50 added state validation, which catches user errors (e.g., double-start, stop on stopped container). However, validation happens after reading state from disk — two processes could read valid state simultaneously before either modifies it (TOCTOU race). File locking closes this window.

Acceptance Criteria:

• Acquire exclusive lock before reading container state
• Hold lock through state modification
• Release lock after operation completes (or on error)
• Second concurrent command blocks or fails gracefully
• No deadlocks on crash (lock must auto-release)