fix(ci): more changes to fix failing CI (#415)

Fixes from maphew including:
- Remove test for deleted isPathWithinDir function
- Add gosec nolint directives for safe file operations
- Add rm -rf .beads before init in CI workflow
- Simplify panic handling and file operations

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: maphew <maphew@users.noreply.github.com>
Co-Authored-By: Claude <noreply@anthropic.com>

cmd/bd/main_test.go

@@ -152,51 +152,6 @@ func TestAutoFlushOnExit(t *testing.T) {
 	}
 }
 
-func TestIsPathWithinDir(t *testing.T) {
-	root := t.TempDir()
-	nested := filepath.Join(root, ".beads", "issues.jsonl")
-	sibling := filepath.Join(filepath.Dir(root), "other", "issues.jsonl")
-	traversal := filepath.Join(root, "..", "etc", "passwd")
-	tests := []struct {
-		name      string
-		base      string
-		candidate string
-		want      bool
-	}{
-		{
-			name:      "same path",
-			base:      root,
-			candidate: root,
-			want:      true,
-		},
-		{
-			name:      "nested path",
-			base:      root,
-			candidate: nested,
-			want:      true,
-		},
-		{
-			name:      "sibling path",
-			base:      root,
-			candidate: sibling,
-			want:      false,
-		},
-		{
-			name:      "traversal outside base",
-			base:      root,
-			candidate: traversal,
-			want:      false,
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if got := isPathWithinDir(tt.base, tt.candidate); got != tt.want {
-				t.Fatalf("isPathWithinDir(%q, %q) = %v, want %v", tt.base, tt.candidate, got, tt.want)
-			}
-		})
-	}
-}
 
 // TestAutoFlushConcurrency tests that concurrent operations don't cause races
 // TestAutoFlushStoreInactive tests that flush doesn't run when store is inactive