feat: add insert-only fields to Model

[memleakd]

Description

This adds $insertOnlyFields to Model.

The goal is to allow fields that can be set when a row is created, but should not be submitted later through Model update operations. This can be useful for values like public IDs, external references, generated slugs, or similar fields that should normally stay unchanged after insert.

Example:

class UserModel extends Model
{
    protected $allowedFields = ['public_id', 'name', 'email'];

    protected $insertOnlyFields = ['public_id'];
}

With this configuration, public_id is allowed during insert() and insertBatch(), but update(), updateBatch(), and update-side save() will throw a DataException if the field is submitted.

This is only Model-level protection. It does not create a database constraint, does not inspect previous database values, and does not affect direct Query Builder writes. Calling protect(false) disables this protection, the same as other field protection.

I also added setInsertOnlyFields() for cases where the list needs to be changed at runtime.

Tests cover insert, insertBatch, update, save, set/update, updateBatch, entity updates, validation order, and protect(false).

Checklist:

• Securely signed commits
• Component(s) with PHPDoc blocks, only if necessary or adds value (without duplication)
• Unit testing, with >80% coverage
• User guide updated
• Conforms to style guide