Phase 2 Improvements: Array safety, URL encoding, and source guards

IMPROVEMENTS:
1. Array Safety (reference-db.sh:128-134)
   - Changed from unsafe word-splitting to proper array construction
   - Uses while loop with IFS= read for safer user enumeration
   - Prevents issues with usernames containing special characters

2. URL Encoding for Domain Checks (reference-db.sh:24-48)
   - Added url_encode() helper function
   - Encodes domain names for curl requests
   - Handles domains with special characters safely
   - Prevents curl errors on unusual domain names

3. Configurable Timeout (reference-db.sh:21)
   - Made domain check timeout configurable via DOMAIN_CHECK_TIMEOUT env var
   - Default remains 3 seconds
   - Allows users to adjust for slow networks/servers

4. Source Guards (all library files)
   - Added source guard pattern to prevent re-sourcing
   - Added to: reference-db.sh, common-functions.sh, system-detect.sh
   - Prevents variable/function duplication if file is sourced twice

Testing: All syntax checks pass, functionality verified

lib/system-detect.sh

@@ -6,6 +6,12 @@
 # No persistent caching - detects fresh every time
 #############################################################################
 
+# Source guard - prevent re-sourcing (but allow re-initialization if needed)
+if [ -n "${_SYSTEM_DETECT_LOADED:-}" ]; then
+    return 0
+fi
+readonly _SYSTEM_DETECT_LOADED=1
+
 # Source common functions if not already loaded
 if [ -z "$TOOLKIT_BASE_DIR" ]; then
     SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"