Address PR review comments: fix security vulnerabilities and improve error handling

[Copilot]

Addresses 14 review comments from the copilot-pull-request-reviewer on PR #323, focusing on security vulnerabilities, error handling, and code quality improvements.

Security Fixes

• Command injection vulnerability: Changed run() method from shell string execution to direct argument passing

  // Before: vulnerable to injection via args
  spawnSync(command, { stdio: 'inherit', shell: true });
  
  // After: safe argument passing
  spawnSync(binaryPath, args, { stdio: 'inherit' });

• URL manipulation prevention: Added regex validation for version strings (/^v\d+\.\d+\.\d+$/)
• Socket resource leak: Added 5-second timeout with proper cleanup for RPC port checks

Error Handling

• Archive cleanup moved to finally block to ensure removal even on extraction failure
• Binary extraction validation added with explicit error message
• Enhanced error messages with actionable guidance (network connectivity, permissions, version availability)

Platform Support

• Added macOS x64 architecture support (previously ARM64-only)
• Fixed binary name detection to match extracted archive names across platforms (ARM64, x64, Windows)

Code Quality

• Removed redundant runWithArgs() method
• Changed require('net') to ES6 import * as net
• Network validation uses Object.values(Network) enum instead of hardcoded strings
• Added await for async status() function call
• Removed obsolete TODO comment

Minor Fixes

• Fixed README heading capitalization: "Watch Network with TUI"
• Added package-lock.json to .gitignore

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.