fix: address all PR review findings — error handling, security, validation

Security:
- browseDir restricted to JPATH_ROOT and current user $HOME (not all /home/)
- MokoRestore db_prefix validated with regex to prevent SQL injection
- MokoRestore DB import returns failure when zero statements succeed

Error handling (fatal — would produce corrupt backups):
- BackupEngine/SteppedEngine mkdir() checked, returns error on failure
- SteppedSession save() checked, throws on write failure
- SteppedEngine SQL dump file_put_contents checked, throws on failure
- MokoRestore configuration.php write checked, throws on failure

Error handling (logged — secondary operations):
- BackupEngine dispatchAfterRun catch block logs to error_log
- BackupEngine/SteppedEngine log file write failures logged
- NotificationSender user group email resolution logged
- script.php download key save/restore logged

Operational fixes:
- Cleanup plugin: don't delete DB record if file unlink fails (prevents orphans)
- BackupEngine: count and log skipped unreadable files
- BackupEngine: handle MokoRestore rename failure gracefully
- SteppedEngine: add S3Uploader to stepUpload match (feature parity)

Authored-by: Moko Consulting
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

source/script.php

@@ -101,7 +101,7 @@ class Pkg_MokoJoomBackupInstallerScript
 				$this->savedDownloadKey = $key;
 			}
 		} catch (\Throwable $e) {
-			// Not critical
+			error_log('MokoJoomBackup: Could not save download key: ' . $e->getMessage());
 		}
 	}
 
@@ -242,7 +242,7 @@ class Pkg_MokoJoomBackupInstallerScript
 				$db->execute();
 			}
 		} catch (\Throwable $e) {
-			// Not critical
+			error_log('MokoJoomBackup: Could not restore download key: ' . $e->getMessage());
 		}
 	}
 
@@ -278,6 +278,8 @@ class Pkg_MokoJoomBackupInstallerScript
 				'warning'
 			);
 		}
-		catch (\Throwable $e) {}
+		catch (\Throwable $e) {
+			error_log('MokoJoomBackup: License key check failed: ' . $e->getMessage());
+		}
 	}
 }