feat: add strict field protection for Models #10302

Open: memleakd wants to merge 2 commits into codeigniter4:4.8 from memleakd:feat/strict-field-protection
@memleakd (Contributor)

Description

This PR proposes adding an opt-in strict field protection mode for Models.

By default, Models keep the existing behavior: fields not listed in $allowedFields are silently discarded before the write reaches the database. With strict field protection enabled, those discarded fields throw a DataException instead:

$model->strictFieldProtection()->insert($data);

This is useful for catching typos, stale form fields, and unexpected write payloads while keeping the existing mass-assignment protection model intact. It does not replace validation and does not inspect the database schema; it only makes the existing $allowedFields discard step explicit when requested.

The implementation keeps the current behavior for operation fields that are needed to locate records, such as the primary key during update() and the index field during updateBatch().

Changes

  • Added $strictFieldProtection and strictFieldProtection() to Models.
  • Added a DataException when strict mode detects fields that would otherwise be discarded.
  • Preserved existing behavior for protect(false), non-auto-increment primary keys, and updateBatch() indexes.
  • Added focused tests for insert, save, update, batch writes, validation order, and default behavior.
  • Updated the user guide, changelog, and model generator template.

Checklist:

  • Securely signed commits
  • Component(s) with PHPDoc blocks, only if necessary or adds value (without duplication)
  • Unit testing, with >80% coverage
  • User guide updated
  • Conforms to style guide

Add an opt-in Model setting that throws when write data contains fields
that would otherwise be discarded by allowed field protection.

- Add $strictFieldProtection and strictFieldProtection()
- Throw DataException for disallowed write fields in strict mode
- Preserve existing primary key and updateBatch index behavior
- Cover insert, save, update, batch, validation order, and protect(false)
- Document the new option and update the model generator template

Signed-off-by: memleakd <121398829+memleakd@users.noreply.github.com>
github-actions bot added the 4.8 label (PRs that target the `4.8` branch) on Jun 11, 2026
Signed-off-by: memleakd <121398829+memleakd@users.noreply.github.com>
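
The difference between the default discard step and the strict mode described in this PR, as an added standalone PHP sketch (it is not CodeIgniter's Model code and not the code in this PR). `SketchModel`, `DisallowedFieldsException`, `filterForWrite()` and the payload are hypothetical names constructed for illustration, and letting the primary key through on update is a simplifying assumption.

```php
<?php
declare(strict_types=1);

// Hypothetical exception type; the PR itself uses DataException.
final class DisallowedFieldsException extends RuntimeException {}

// Hypothetical stand-in for a Model's allowed-field filtering (PHP 8.0+).
final class SketchModel
{
    /** @param list<string> $allowedFields */
    public function __construct(
        private array $allowedFields,
        private string $primaryKey = 'id',
        private bool $strict = false,
    ) {}

    /** Returns the row that would be passed on to the database layer. */
    public function filterForWrite(array $row, bool $isUpdate = false): array
    {
        $permitted = $this->allowedFields;
        if ($isUpdate) {
            // Assumption: the key used to locate the record is not a stray field.
            $permitted[] = $this->primaryKey;
        }
        $kept      = array_intersect_key($row, array_flip($permitted));
        $discarded = array_keys(array_diff_key($row, $kept));

        // Strict mode turns the silent discard into a visible failure.
        if ($this->strict && $discarded !== []) {
            throw new DisallowedFieldsException(
                'Fields not in allowedFields: ' . implode(', ', $discarded)
            );
        }
        return $kept;
    }
}

// Constructed payload: "emial" is a typo, "is_admin" is an unexpected field.
$payload = ['name' => 'Ada', 'emial' => 'ada@example.test', 'is_admin' => 1];

// Default mode: disallowed keys are dropped with no signal to the caller.
var_dump((new SketchModel(['name', 'email']))->filterForWrite($payload));

// Strict mode: the same payload is rejected and the offending keys are named.
$strict = new SketchModel(['name', 'email'], strict: true);
try {
    $strict->filterForWrite($payload);
} catch (DisallowedFieldsException $e) {
    echo $e->getMessage(), PHP_EOL;
}

// Update path: the primary key does not trigger the strict check.
var_dump($strict->filterForWrite(['id' => 7, 'name' => 'Ada L.'], isUpdate: true));
```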