fix: complete migration from escapeSqlString to parameterized query binds #290

@anandgupta42

Description

What does this PR do?

Follow-up from PR #277 which partially migrated from escapeSqlString to parameterized query binds. 5 files still use escapeSqlString and need to be converted:

  • packages/opencode/src/altimate/native/finops/credit-analyzer.ts (1 usage)
  • packages/opencode/src/altimate/native/finops/query-history.ts (2 usages)
  • packages/opencode/src/altimate/native/finops/role-access.ts (5 usages)
  • packages/opencode/src/altimate/native/schema/tags.ts (2 usages)
  • packages/opencode/src/altimate/native/local/schema-sync.ts (1 usage)

Additionally, packages/drivers/src/sql-escape.ts still exists (just removed from the barrel export in index.ts) and should be deleted once all usages are migrated.

Priority

Low — these code paths query warehouse metadata (not user-supplied SQL), so the injection risk is minimal. But completing the migration to parameterized binds is the right thing to do for consistency and defense-in-depth.

Acceptance criteria

  • All 11 escapeSqlString usages replaced with parameterized binds ({sql, binds} pattern)
  • packages/drivers/src/sql-escape.ts deleted
  • No remaining imports of escapeSqlString in the codebase
  • Driver execute() methods properly pass binds parameter where needed
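An added illustration of the two styles the issue contrasts (not code from this repository): a legacy `escapeSqlString` splice next to the `{sql, binds}` form, plus a small check that flags query text still carrying an inline literal. The table name, the `?` placeholder style and the helper names are assumptions for the example, not the project's real API.

```typescript
// Added example, not the project's code. Names and the placeholder style are assumed.
interface QueryWithBinds {
  sql: string;
  binds: ReadonlyArray<string | number>;
}

// Legacy helper: doubles single quotes so a value can be spliced into a literal.
// Safe only if every caller wraps the result in quotes and the dialect treats
// '' as the sole escape; that per-call-site discipline is what the migration removes.
function escapeSqlString(value: string): string {
  return value.replace(/'/g, "''");
}

// "Before": metadata lookup assembled by string concatenation (constructed table name).
function roleGrantsLegacy(roleName: string): string {
  return `SELECT grantee_name, privilege FROM role_grants WHERE grantee_name = '${escapeSqlString(roleName)}'`;
}

// "After": the value travels separately in binds; the driver's execute(sql, binds)
// (assumed signature) never interpolates it into the statement text.
function roleGrantsParameterized(roleName: string): QueryWithBinds {
  return {
    sql: "SELECT grantee_name, privilege FROM role_grants WHERE grantee_name = ?",
    binds: [roleName],
  };
}

// Migration guard: placeholder count must match binds, and no quoted literal
// may remain in the SQL text, which is the usual sign of a missed usage.
function usesBinds(q: QueryWithBinds): boolean {
  const placeholders = (q.sql.match(/\?/g) ?? []).length;
  return placeholders === q.binds.length && !/'[^']*'/.test(q.sql);
}
```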
