fix: broadcast goal progress on review log, fix goal handler security gaps

- Broadcast GoalUpdated AP note after ReviewLogged so federated goal
  progress reflects the new review count without requiring a manual goal edit
- Add attribution check in GoalObjectHandler::on_update (mirrors
  review_handler) to prevent any remote actor from overwriting another's goal
- Implement on_actor_removed in GoalObjectHandler via new
  RemoteGoalRepository::remove_all_by_actor — remote goals were never
  cleaned up when an actor unfollowed or was deleted
- Add remove_all_by_actor to SQLite, Postgres, Noop, and test Panic impls
2026-06-10 02:40:25 +02:00
parent 05d062f4e0
commit d389e26e39
7 changed files with 78 additions and 2 deletions


@@ -69,6 +69,16 @@ impl RemoteGoalRepository for SqliteRemoteGoalRepository {
Ok(())
}
async fn remove_all_by_actor(&self, actor_url: &str) -> Result<(), DomainError> {
sqlx::query("DELETE FROM remote_goals WHERE actor_url = ?")
.bind(actor_url)
.execute(&self.pool)
.await
.map_err(Self::map_err)?;
Ok(())
}
async fn get_by_actor_url(&self, actor_url: &str) -> Result<Vec<RemoteGoalEntry>, DomainError> {
let rows = sqlx::query(
"SELECT ap_id, actor_url, year, target_count, current_count, received_at \