bugfix: wrap manga + chapter uploads in a DB transaction

Previously a storage failure mid-chapter-upload left a partial chapter
row pointing at a `page_count` that didn't match what was on disk, plus
any successfully-inserted page rows. Same shape for a manga create
where the cover put or cover_image_path UPDATE failed after the manga
row was already inserted.

Fix at the DB layer: open `pool.begin()` at the start of the create,
do all DB writes against `&mut *tx`, commit only after the full
sequence succeeds. If anything before commit fails, the transaction is
rolled back on drop and the DB stays consistent. Bytes already written
to storage on a rolled-back transaction become orphans on disk; a
future reaper can sweep them, and we prioritise DB consistency over
storage tidiness in this branch.

- repo::manga::create / set_cover_image_path: signature changed to
  `impl PgExecutor<'_>` so handlers can pass either `&PgPool` or
  `&mut *tx`. set_cover_image_path is new — replaces the inline
  `UPDATE` in the manga upload handler so the call site stays
  consistent.
- repo::chapter::create / set_page_count: same shape.
- repo::page::create: same.
- api::mangas::create and api::chapters::create both open a
  transaction around their DB writes; storage puts happen inside the
  transaction window (since they must precede the page-row insert), so
  a failed put aborts before commit.

New integration test (api_uploads::chapter_upload_rolls_back_when_
storage_fails_mid_loop) uses a `FailingStorage` helper that errors on
the N-th `put`. With N=1 (page 2 fails), the handler returns 500 and
the chapter + page tables stay empty.

`harness_with_failing_storage` is exposed alongside the existing
`harness` so future tests can reuse it for other fault-injection
cases.

Lockstep version bump to 0.9.3.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

backend/tests/api_uploads.rs

@@ -323,6 +323,48 @@ async fn create_chapter_requires_authentication(pool: PgPool) {
     assert_eq!(resp.status(), StatusCode::UNAUTHORIZED);
 }
 
+#[sqlx::test(migrations = "./migrations")]
+async fn chapter_upload_rolls_back_when_storage_fails_mid_loop(pool: PgPool) {
+    // Configure storage so the second `put` call (0-indexed: index 1)
+    // errors. seed_manga_via_api uploads no cover, so the very first
+    // `put` happens inside the chapter handler — page 1 succeeds, page
+    // 2 fails, the transaction rolls back.
+    let h = common::harness_with_failing_storage(pool.clone(), 1);
+    let (_, cookie) = common::register_user(&h.app).await;
+    let manga_id = common::seed_manga_via_api(&h.app, &cookie, "Berserk").await;
+
+    let resp = h
+        .app
+        .oneshot(common::post_multipart_with_cookie(
+            &format!("/api/v1/mangas/{manga_id}/chapters"),
+            MultipartBuilder::new()
+                .add_json("metadata", json!({ "number": 1 }))
+                .add_file("page", "1.png", "image/png", &common::fake_png_bytes())
+                .add_file("page", "2.png", "image/png", &common::fake_png_bytes())
+                .add_file("page", "3.png", "image/png", &common::fake_png_bytes()),
+            &cookie,
+        ))
+        .await
+        .unwrap();
+    assert_eq!(resp.status(), StatusCode::INTERNAL_SERVER_ERROR);
+    let body = common::body_json(resp).await;
+    assert_eq!(body["error"]["code"], "internal_error");
+
+    // No chapter rows for this manga.
+    let (chapter_count,): (i64,) =
+        sqlx::query_as("SELECT count(*) FROM chapters WHERE manga_id = $1")
+            .bind(manga_id)
+            .fetch_one(&pool)
+            .await
+            .unwrap();
+    assert_eq!(chapter_count, 0, "rolled-back chapter must not persist");
+
+    // No page rows at all (we never seeded any other chapter).
+    let (page_count,): (i64,) =
+        sqlx::query_as("SELECT count(*) FROM pages").fetch_one(&pool).await.unwrap();
+    assert_eq!(page_count, 0, "rolled-back pages must not persist");
+}
+
 #[sqlx::test(migrations = "./migrations")]
 async fn create_chapter_under_unknown_manga_is_404(pool: PgPool) {
     let h = common::harness(pool);