build: harden NuGet restore and ship SQLite >= 3.50.3

Two pre-existing build/security defects flagged by CodeRabbit:

- HellionChat.csproj sets RestorePackagesWithLockFile=true so dotnet
  restore honors the committed packages.lock.json. Floating version
  ranges in the lockfile previously could drift between machines or
  CI runs, producing builds with subtly different transitive
  dependencies
- HellionChat.csproj pins SQLitePCLRaw.lib.e_sqlite3 to 3.50.3 to
  override the older 2.1.11 native build that
  Microsoft.Data.Sqlite 10.0.7 transitively pulls in. Ships SQLite
  3.50.3 which contains the fixes for CVE-2025-6965 (memory
  corruption from aggregate-term overflow) and CVE-2025-7709. The
  managed Microsoft.Data.Sqlite wrapper stays on 10.0.7 — only the
  native binary is bumped, no API breakage. Verified via the NuGet
  spec: "the first three numbers in the version number of this
  package indicate the version of SQLite that was used to build it"

HellionChat/packages.lock.json

@@ -54,6 +54,12 @@
         "resolved": "3.1.12",
         "contentHash": "iAg6zifihXEFS/t7fiHhZBGAdCp3FavsF4i2ZIDp0JfeYeDVzvmlbY1CNhhIKimaIzrzSi5M/NBFcWvZT2rB/A=="
       },
+      "SQLitePCLRaw.lib.e_sqlite3": {
+        "type": "Direct",
+        "requested": "[3.50.3, )",
+        "resolved": "3.50.3",
+        "contentHash": "tVyhqQ8wxgedWiiPFChyZhE8I3PkOM/AE1azsj1qsdYUws13ONBFyi3aDxju4tD2kzedB2q5+50WrTyY0h2gMQ=="
+      },
       "MessagePack.Annotations": {
         "type": "Transitive",
         "resolved": "3.1.4",
@@ -91,11 +97,6 @@
         "resolved": "2.1.11",
         "contentHash": "PK0GLFkfhZzLQeR3PJf71FmhtHox+U3vcY6ZtswoMjrefkB9k6ErNJEnwXqc5KgXDSjige2XXrezqS39gkpQKA=="
       },
-      "SQLitePCLRaw.lib.e_sqlite3": {
-        "type": "Transitive",
-        "resolved": "2.1.11",
-        "contentHash": "Ev2ytaXiOlWZ4b3R67GZBsemTINslLD1DCJr2xiacpn4tbapu0Q4dHEzSvZSMnVWeE5nlObU3VZN2p81q3XOYQ=="
-      },
       "SQLitePCLRaw.provider.e_sqlite3": {
         "type": "Transitive",
         "resolved": "2.1.11",