Chainable query builder

[bpamiri]

Phase 2 — Modernization Target #3

Replace raw SQL string construction with a composable, injection-safe query builder.

Design

model("User")
    .where("status", "active")
    .where("age", ">", 18)
    .orderBy("name", "ASC")
    .limit(25)
    .get();

// Complex conditions
model("User")
    .where("status", "active")
    .orWhere("role", "admin")
    .whereNotNull("emailVerifiedAt")
    .whereBetween("createdAt", startDate, endDate)
    .get();

• New wheels.model.QueryBuilder class accumulates clauses as structured data (not SQL strings)
• All values parameterized for SQL injection prevention
• .get() / .first() / .count() delegate to existing findAll() / findOne() internally

Backwards Compatibility

Existing findAll(where="string") API remains unchanged. The query builder is an alternative entry point.

See design_docs/MODERNIZE-WHEELS-RIM.md §4.3 for full implementation plan.