When a tool call is made with invalid arguments, Crush will now report
the error back so the model will continue working and can do another
attempt.

Fix on Fantasy done by @mkaaad.

* Ref https://github.com/charmbracelet/crush/issues/2776
* Ref https://github.com/charmbracelet/fantasy/pull/223

`NewBrokerWithOptions` accepted `channelBufferSize` parameter, but never
stored or used it, so `Subsribe`` always used the hardcoded
`bufferSize` constant (64).

Extract `refreshTokenIfExpired` and `retryAfterUnauthorized` functions
to eliminate duplicated OAuth/API key refresh logic in both `Run` and
`Summarize`.

💘 Generated with Crush

Assisted-by: Kimi K2.6 via Crush <crush@charm.land>

When switching from a vision-capable model to one without image support
mid-conversation, historical user messages containing image attachments
would cause API errors. Now those attachments are filtered out from the
prompt history based on the current model's SupportsImages capability.

💘 Generated with Crush

Assisted-by: Kimi K2.6 via Crush <crush@charm.land>

When refreshing an OAuth token (e.g. for Hyper), check the config file
on disk first to see if another Crush session already refreshed it.
If the disk token differs from the in-memory one, use the disk token
and skip the external refresh request. Prevents unnecessary token
churn and 401s when multiple Crush sessions are running.

💘 Generated with Crush

Assisted-by: Kimi K2.6 via Crush <crush@charm.land>

This is an additional guard to invalidate the cache in the off-chance
styles are mutated (rather than updated via applyTheme(), as they
should be).

The theme prep overhaul in 755f6fa made the main markdown renderer and
thinking block markdown renderer heavier, which exasperated a gap in
perf. Basically every token chunk would clear would clear the per-item
render cache and force a re-render.

This update memoizes renderers with markdown and should generally
give us a nice increase in perf compared to what we had before the theme
rendering.

Crush could fail to start with "file is not a database (26)" after a
session ran many sub-agents in parallel. The shared *sql.DB was opened
with Go's default unlimited connection pool, so each concurrent sub-agent
(session/message/cost writes via coordinator.runSubAgent) could open its
own SQLite handle. Under load, WAL frames from different handles
interleaved and auto-checkpoints could race; if the process was cancelled
or killed mid-checkpoint, the main DB header and WAL desynced, producing
SQLITE_NOTADB (26) on the next open.

Two changes address this:

- Set db.SetMaxOpenConns(1). SQLite serializes writes at the file level
  anyway, so extra pool connections add no throughput, only race surface.
  Forcing a single pooled connection makes database/sql queue all callers
  through one SQLite handle, eliminating cross-handle WAL/checkpoint
  races. Sub-agents still function; their writes just serialize (which
  SQLite was going to do regardless).

- Add _txlock=immediate to both driver DSNs (modernc.org/sqlite and
  ncruces/go-sqlite3). BEGIN IMMEDIATE acquires the reserved-writer lock
  up front so concurrent writers queue cleanly on busy_timeout instead of
  racing the deferred-to-writer upgrade (the pattern behind prior
  SQLITE_BUSY reports, e.g. #2129, #2576). Defense in depth alongside the
  pool limit.

For the ncruces driver the DSN must use the file: URI prefix for query
params to be parsed; the plain path form silently ignores _txlock.

See: https://github.com/charmbracelet/meta/commit/86917ec06aa42153f5e48cb2570dfc5efd1e389d

No need to set `HYPERCRUSH=1` anymore.