Surface line and column for malformed settings JSON

[SalihMor1na]

Addresses #242 (JSON parsing portion only).

When .claude/settings.json or the settings: action input contains malformed JSON, the action either silently swallows the error or logs a misleading "no existing settings file found" message. This adds a small parseJsonWithLocation helper that re-throws JSON.parse failures with the source identifier and 1-based line/column.

Note on #587: I noticed @linus-amg has an open PR (#587) addressing the same issue with a Zod schema validation approach. This PR is intentionally narrower and complementary:

• No new dependencies
• Only JSON syntax errors (no schema validation)
• Also fixes a separate bug in setup-claude-code-settings.ts where a malformed existing settings file is silently mis-reported as "no existing settings file found"

Happy to close this in favor of #587, combine approaches, or proceed independently — whichever maintainers prefer.

Scope: intentionally narrow. No content from the parsed file is included in error messages, so secrets in settings files cannot leak into action logs.

Behavior changes:

• Malformed ~/.claude/settings.json now throws with line/column instead of being silently treated as missing.
• Malformed settings: JSON input now throws with line/column instead of being silently re-interpreted as a file path.
• ALL_INPUTS parse failures now produce a core.warning annotation with line/column. Still returns {} to preserve existing non-fatal behavior.

Tests: 7 new unit tests in base-action/test/validate-json.test.ts. Full suite (672 tests) passes locally. bun run typecheck and bun run format:check clean.

GitHub Actions workflow YAML validation (the other half of #242) is not addressed here — by the time the action runs, GitHub has already parsed the workflow YAML, so that piece would need a different mechanism (e.g., a separate validator script users run pre-commit).