Harden template render pipeline with precise syntax diagnostics and SAPI-safe linting

[Copilot]

Rendering failures were surfacing as low-signal PHP fatals, and the new pre-render lint step could misclassify Apache/mod_php process output as template syntax errors on Windows. This update makes template execution safer and ensures syntax errors are reported with actionable location details only when they are real PHP parse failures.

• Execution model hardening

  • Replaced runtime eval execution with compiled-file materialization (tpl_<sha256>.php) + isolated include scope.
  • Kept deterministic compiled artifacts and reduced runtime ambiguity in stack traces.

• Pre-render syntax diagnostics

  • Added explicit syntax validation for compiled template files before execution.
  • SyntaxException now includes: compiled file path, line, column (best-effort), source snippet, and parser output.
  • Prevents invalid compiled templates from entering cache by caching only after successful render.

• SAPI-safe lint command resolution

  • Added robust PHP CLI binary selection (PHP_BINARY only if it is actually a PHP executable, then PHP_BINDIR/php(.exe), then PATH fallback).
  • Ignores non-syntax process output (e.g., Apache AH02965) to avoid false-positive SyntaxException in web SAPIs.

• Error boundary consistency

  • Engine now catches \Throwable during render path wrapping, so parse/runtime errors are normalized into ViewException with original cause chaining.

throw new SyntaxException(
    "Compiled template syntax error in '{$templateFile}' at line {$line}, column {$column}." .
    ($snippet !== '' ? " Snippet: {$snippet}" : '') .
    ($output !== '' ? " PHP lint: {$output}" : '')
);