Fix self-update broken by archive packaging; bump to 0.2.2

[sdairs]

Summary

• clickhousectl update broke in 0.2.1: the release workflow now ships clickhousectl-{target}-v{version}.tar.gz archives, but update.rs was still looking for a raw asset named clickhousectl-{target} (no version, no extension), so the asset lookup always failed with "No compatible binary found for this platform". The npm installer was updated for the archive layout in the dist rework; this codepath was missed.
• Fix: download the .tar.gz, extract the clickhousectl entry via the already-vendored flate2 + tar crates, then feed the bytes into the existing temp-write + chmod + atomic-rename path. New unit test round-trips a release-layout tarball through the extractor.
• Bump clickhousectl, clickhouse-cloud-api, and npm/package.json to 0.2.2 in lockstep (plus the dep reference inside clickhousectl).
• CLAUDE.md: require lockstep version bumps on every release, replacing the prior "only when the API client changed" rule for clickhouse-cloud-api.

Note: existing 0.2.1 installs still need a one-time manual reinstall (npm i -g clickhousectl / cargo binstall / direct binary). The fix only reaches users via 0.2.2.

Test plan

• cargo build --workspace
• cargo test -p clickhousectl --bin clickhousectl update:: — 5/5 pass, including the new tarball round-trip test
• cargo clippy -p clickhousectl --all-targets — clean
• Verified the real v0.2.1 release archive layout matches what the new extractor expects (clickhousectl-{target}-v{ver}/clickhousectl)
• After merge + tag v0.2.2: install 0.2.1 from a fresh source, then run chctl update and confirm it successfully upgrades to 0.2.2

🤖 Generated with Claude Code

[sdairs]

Closing in favour of #198 — same fix, opened first, and the per-step error messages and negative test there are nicer than mine. Will open a small follow-up PR with just the lockstep version bumps + CLAUDE.md release-process update on top of #198.