Fix 29 audit findings across all severity tiers

Critical: fix unsquashfs arg order, quote Exec paths with spaces,
fix compare_versions antisymmetry, chunk-based signature detection,
bounded ELF header reads.

High: handle NULL CVE severity, prevent pipe deadlock in inspector,
fix glob_match edge case, fix backup archive path collisions, async
crash detection with stderr capture.

Medium: gate scan on auto-scan setting, fix window size persistence,
fix announce() for Stack containers, claim lightbox gesture, use
serde_json for CLI output, remove dead CSS @media blocks, add
detail-tab persistence, remove invalid metainfo categories, byte-level
fuse signature search.

Low: tighten Wayland env var detection, ELF magic validation,
timeout for update info extraction, quoted arg parsing, stop watcher
timer on window destroy, GSettings choices/range constraints, remove
unused CSS classes, define status-ok/status-attention CSS.

data/app.driftwood.Driftwood.gschema.xml

@@ -22,11 +22,20 @@
       <description>Directories to scan for AppImage files.</description>
     </key>
     <key name="view-mode" type="s">
+      <choices>
+        <choice value='grid'/>
+        <choice value='list'/>
+      </choices>
       <default>'grid'</default>
       <summary>Library view mode</summary>
       <description>The library view mode: grid or list.</description>
     </key>
     <key name="color-scheme" type="s">
+      <choices>
+        <choice value='default'/>
+        <choice value='force-light'/>
+        <choice value='force-dark'/>
+      </choices>
       <default>'default'</default>
       <summary>Color scheme</summary>
       <description>Application color scheme: default (follow system), force-light, or force-dark.</description>
@@ -37,6 +46,12 @@
       <description>Whether to automatically scan for AppImages when the application starts.</description>
     </key>
     <key name="detail-tab" type="s">
+      <choices>
+        <choice value='overview'/>
+        <choice value='system'/>
+        <choice value='security'/>
+        <choice value='storage'/>
+      </choices>
       <default>'overview'</default>
       <summary>Last detail view tab</summary>
       <description>The last selected tab in the detail view (overview, system, security, storage).</description>
@@ -57,6 +72,7 @@
       <description>Create a config backup before applying an update.</description>
     </key>
     <key name="backup-retention-days" type="i">
+      <range min="1" max="365"/>
       <default>30</default>
       <summary>Backup retention days</summary>
       <description>Number of days to keep config backups before auto-cleanup.</description>
@@ -67,6 +83,11 @@
       <description>Show a confirmation dialog before deleting AppImages or backups.</description>
     </key>
     <key name="update-cleanup" type="s">
+      <choices>
+        <choice value='ask'/>
+        <choice value='always'/>
+        <choice value='never'/>
+      </choices>
       <default>'ask'</default>
       <summary>Update cleanup mode</summary>
       <description>What to do with old versions after update: ask, keep, or delete.</description>
@@ -82,6 +103,12 @@
       <description>Send desktop notifications when new CVEs are found.</description>
     </key>
     <key name="security-notification-threshold" type="s">
+      <choices>
+        <choice value='critical'/>
+        <choice value='high'/>
+        <choice value='medium'/>
+        <choice value='low'/>
+      </choices>
       <default>'high'</default>
       <summary>Security notification threshold</summary>
       <description>Minimum CVE severity for desktop notifications: critical, high, medium, or low.</description>