refactor(cold): require &mut self for ColdStorage write methods

[prestwich]

Summary

• Change ColdStorage write methods (append_block, append_blocks, truncate_above, drain_above) from &self to &mut self so the borrow checker enforces exclusive write access at compile time
• Add Clone as a supertrait bound on ColdStorage (all backends are cheaply clonable via Arc-wrapped internals)
• Wrap the task runner's backend in tokio::sync::RwLock<B> — reads acquire the read lock, writes acquire the write lock
• Stream producers clone the backend to avoid holding the read lock during long-lived streams (up to 60s)

Closes ENG-1979

Test plan

• cargo clippy clean on all 4 affected crates with both --all-features and --no-default-features
• mem_backend_conformance passes
• mdbx_backend_conformance passes
• All unified storage integration tests pass (including drain_above_*)
• ./scripts/test-postgres.sh (requires Postgres)

🤖 Generated with Claude Code

[Fraser999]

Committed by mistake?

[Fraser999]

Committed by mistake?

[Fraser999]

Should impl ColdStorage for EitherCold also include an override for fn drain_above?

[Fraser999]

I think it might be helpful to split the single trait into ColdStorageRead: Clone + Send + Sync + 'static and ColdStorageWrite: Send + 'static.

We can then avoid the task runner having to hold the backend in a RwLock: it would hold a single, non-cloneable instance of the backend as the write portion, and would have a cloneable instance of the backend as the read portion.

This would help enforce the architectural intent: the task runner is the only one that's capable of calling write methods, and the read tasks and stream producers receive a clone of the ColdStorageRead, which ensures they can't call any write methods (we'd only have impl<B: ColdStorageRead> ColdStorageTaskInner<B> { ... } for the read-only tasks.)