feat(cli): apply aliasing checks and atomic temp-file publish to decompress

[coderabbitai]

Summary

The compress command in cli/src/main.rs was hardened in #45 with:

• Aliasing checks (ensure_distinct_paths / paths_point_to_same_file) to reject identical or hard-linked input/output paths before any I/O.
• Atomic temporary-file publish (create_temporary_output_file + replace_output_file) so the final destination is only replaced after a fully successful write, with permission preservation and platform-specific rename semantics.

The decompress command currently has neither of these protections. This issue tracks applying the same pattern to decompress.

Work items

• Call ensure_distinct_paths at the start of decompress (before opening files).
• Stream decompressed output to a temporary file via create_temporary_output_file.
• On successful completion, promote the temp file to the final destination via replace_output_file.
• On failure, clean up the temp file (mirror the compress error-path cleanup).
• Add tests analogous to the compress tests for aliasing rejection and temp-file cleanup on failure.

References

• Introduced in: feat(encoding): add streaming write encoder #45 (see ensure_distinct_paths, create_temporary_output_file, replace_output_file in cli/src/main.rs)
• Requested by: @polaz
• Comment: feat(encoding): add streaming write encoder #45 (comment)