Fix permission denied error in kat update on macOS (#32)

## Summary

- `os.Rename` from a macOS temp dir (`/var/folders/...`) to
`/usr/local/bin` fails with \"permission denied\" because it crosses
filesystem boundaries and requires elevated privileges
- Replace the cross-filesystem rename with `copyFile` (an
`io.Copy`-based helper) that writes the new binary as `kat.new` inside
the destination directory, followed by an atomic same-directory rename
- Add a preflight `os.CreateTemp` check at the start of
`DownloadAndReplace` so permission errors surface immediately — before
any download — with a clear message: _try running with sudo_
- Clean up the `.new` file if the final rename fails so no leftover file
is left behind

## Test plan

- [ ] Run `kat update` as a non-root user with `kat` installed in
`/usr/local/bin` — should now see a clear `permission denied: ... try
running with sudo` message instead of the cryptic rename error
- [x] Run `sudo kat update` — should complete successfully
- [ ] Run `kat update` as a user who owns the install directory — should
complete successfully without sudo

Author: BolajiOlajide

README.md

@@ -1,5 +1,7 @@
 # Kat
 
+<a href="https://www.producthunt.com/products/kat-3?embed=true&amp;utm_source=badge-featured&amp;utm_medium=badge&amp;utm_campaign=badge-kat-3" target="_blank" rel="noopener noreferrer"><img alt="Kat - Database migrations for the top 1% | Product Hunt" width="250" height="54" src="https://api.producthunt.com/widgets/embed-image/v1/featured.svg?post_id=1081944&amp;theme=neutral&amp;t=1771554914075"></a>
+
 [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/BolajiOlajide/kat/blob/main/LICENSE)
 [![Go Report Card](https://goreportcard.com/badge/github.com/BolajiOlajide/kat)](https://goreportcard.com/report/github.com/BolajiOlajide/kat)
 [![Go Reference](https://pkg.go.dev/badge/github.com/BolajiOlajide/kat.svg)](https://pkg.go.dev/github.com/BolajiOlajide/kat)
@@ -103,7 +105,7 @@ kat add create_users_table
 # Developer A: Add email feature (Kat determines create_users_table as parent)
 kat add add_email_column
 
-# Developer B: Add posts feature (creates parallel branch from users table)  
+# Developer B: Add posts feature (creates parallel branch from users table)
 kat add create_posts_table
 
 # Developer C: Add full-text search (Kat resolves dependencies automatically)

internal/update/update.go

@@ -103,6 +103,20 @@ func CheckForUpdates() (bool, string, string, error) {
 
 // DownloadAndReplace downloads a new binary and replaces the current one
 func DownloadAndReplace(downloadURL, execPath string, progressWriter io.Writer) error {
+	execDir := filepath.Dir(execPath)
+	execName := filepath.Base(execPath)
+
+	// Preflight: verify we can write to the destination directory before downloading.
+	probe, err := os.CreateTemp(execDir, execName+".probe-*")
+	if err != nil {
+		if os.IsPermission(err) {
+			return errors.Newf("permission denied: cannot write to %s — try running with sudo", execDir)
+		}
+		return errors.Wrap(err, "cannot write to destination directory")
+	}
+	_ = probe.Close()
+	_ = os.Remove(probe.Name())
+
 	// Create a temporary directory to work in
 	tempDir, err := os.MkdirTemp("", "kat-update-*")
 	if err != nil {
@@ -157,21 +171,45 @@ func DownloadAndReplace(downloadURL, execPath string, progressWriter io.Writer)
 		return errors.Wrap(err, "failed to make binary executable")
 	}
 
-	// On Unix-like systems, we can replace the binary directly
-	execDir := filepath.Dir(execPath)
-	execName := filepath.Base(execPath)
-
-	// Move the new executable to the same directory as the current one
+	// Copy the new binary into the destination directory first.
+	// os.Rename cannot cross filesystem boundaries (e.g. from /var/folders to
+	// /usr/local/bin on macOS), so we copy into the same directory and then
+	// do an atomic same-directory rename.
 	newExecPath := filepath.Join(execDir, execName+".new")
-	if err := os.Rename(tempBinaryPath, newExecPath); err != nil {
-		return errors.Wrap(err, "failed to move new executable to destination directory")
+	if err := copyFile(tempBinaryPath, newExecPath, 0755); err != nil {
+		if os.IsPermission(err) {
+			return errors.Newf("permission denied: cannot write to %s — try running with sudo", execDir)
+		}
+		return errors.Wrap(err, "failed to copy new executable to destination directory")
 	}
 
-	// Replace the current executable with the new one
+	// Replace the current executable with the new one (atomic within same directory)
 	if err := os.Rename(newExecPath, execPath); err != nil {
+		_ = os.Remove(newExecPath)
+		if os.IsPermission(err) {
+			return errors.Newf("permission denied: cannot replace %s — try running with sudo", execPath)
+		}
 		return errors.Wrap(err, "failed to replace current executable")
 	}
 
 	fmt.Fprintf(progressWriter, "%sUpdate successfully installed%s\n", output.StyleSuccess, output.StyleReset)
 	return nil
 }
+
+// copyFile copies src to dst with the given permission bits.
+func copyFile(src, dst string, mode os.FileMode) error {
+	srcFile, err := os.Open(src)
+	if err != nil {
+		return err
+	}
+	defer srcFile.Close()
+
+	dstFile, err := os.OpenFile(dst, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, mode)
+	if err != nil {
+		return err
+	}
+	defer dstFile.Close()
+
+	_, err = io.Copy(dstFile, srcFile)
+	return err
+}