Redesign Ndb.swift interface with build safety

This commit redesigns the Ndb.swift interface with a focus on build-time
safety against crashes.

It removes the external usage of NdbTxn and SafeNdbTxn, restricting it
to be used only in NostrDB internal code.

This prevents dangerous and crash prone usages throughout the app, such
as holding transactions in a variable in an async function (which can
cause thread-based reference counting to incorrectly deinit inherited
transactions in use by separate callers), as well as holding unsafe
unowned values longer than the lifetime of their corresponding
transactions.

Closes: https://github.com/damus-io/damus/issues/3364
Changelog-Fixed: Fixed several crashes throughout the app
Signed-off-by: Daniel D’Aquino <daniel@daquino.me>

nostrdb/UnownedNdbNote.swift

@@ -58,9 +58,12 @@ enum NdbNoteLender: Sendable {
         switch self {
         case .ndbNoteKey(let ndb, let noteKey):
             guard !ndb.is_closed else { throw LendingError.ndbClosed }
-            guard let ndbNoteTxn = ndb.lookup_note_by_key(noteKey) else { throw LendingError.errorLoadingNote }
-            guard let unownedNote = UnownedNdbNote(ndbNoteTxn) else { throw LendingError.errorLoadingNote }
-            return try lendingFunction(unownedNote)
+            return try ndb.lookup_note_by_key(noteKey, borrow: { maybeUnownedNote in
+                switch maybeUnownedNote {
+                case .none: throw LendingError.errorLoadingNote
+                case .some(let unownedNote): return try lendingFunction(unownedNote)
+                }
+            })
         case .owned(let note):
             return try lendingFunction(UnownedNdbNote(note))
         }