fix: pass sanitized search to _do_search and guard $to_cache writes

Two bugs fixed:

1. _sanitize_search() result was never propagated back to %opts,
   so _do_search() received the original unsanitized user input.
   This bypassed newline removal, quote escaping, and character
   whitelisting before the search reached git grep.

2. In _run_child_git_grep(), lines 925-926 wrote to $to_cache
   unconditionally, but the filehandle is only initialized when
   $cache_file is set. This would crash the child process with
   "Can't use an undefined value as a filehandle" when caching
   is disabled.

Also removes unused $gitdir variable in do_search().

Author: Koan-Bot

src/lib/GrepCpan/Grep.pm

@@ -246,9 +246,8 @@ sub do_search ( $self, %opts ) {
 
     my $t0 = [Time::HiRes::gettimeofday];
 
-    my $gitdir = $self->git()->work_tree;
-
     $search = _sanitize_search($search);
+    $opts{search} = $search;
 
     my $results = $self->_do_search(%opts);
 
@@ -922,9 +921,11 @@ sub run_git_cmd_limit ( $self, %opts ) {
             last if ++$counter > $limit_bg_process;
         }
         $run->close;
-        print {$to_cache}
-            qq{\n};    # in case of the last line did not had a newline
-        print {$to_cache} END_OF_FILE_MARKER() . qq{\n} if $cache_file;
+        if ($cache_file) {
+            print {$to_cache}
+                qq{\n};    # in case of the last line did not had a newline
+            print {$to_cache} END_OF_FILE_MARKER() . qq{\n};
+        }
         print {$CW} END_OF_FILE_MARKER() . qq{\n}       if $can_write_to_pipe;
         say "-- Request finished by kid: $counter lines - "
             . join( ' ', 'git', @$cmd );