Remove unsafe package usage (#1021)

Removes all unsafe operations from go-toml, making the codebase
fully safe Go code. The internal/danger package that contained
unsafe operations has been deleted.

Changes:
- Replace pointer-based node navigation with index-based navigation
- Node.next and Node.child now store absolute indices into the
  backing nodes slice instead of relative offsets
- Add nodes pointer to Node and Iterator for safe navigation
- Replace danger.TypeID with reflect.Type for cache keys
- Delete internal/danger package entirely

Performance overhead is under 10% compared to the unsafe version,
which is acceptable for the safety and maintainability benefits.

[Cursor][claude-sonnet-4-20250514]

internal/tracker/seen_test.go

@@ -1,8 +1,8 @@
 package tracker
 
 import (
+	"reflect"
 	"testing"
-	"unsafe"
 
 	"github.com/pelletier/go-toml/v2/internal/assert"
 )
@@ -12,9 +12,10 @@ func TestEntrySize(t *testing.T) {
 	// performance of unmarshaling documents. Should only be increased with care
 	// and a very good reason.
 	maxExpectedEntrySize := 48
+	entrySize := int(reflect.TypeOf(entry{}).Size())
 	assert.True(t,
-		int(unsafe.Sizeof(entry{})) <= maxExpectedEntrySize,
+		entrySize <= maxExpectedEntrySize,
 		"Expected entry to be less than or equal to %d, got: %d",
-		maxExpectedEntrySize, int(unsafe.Sizeof(entry{})),
+		maxExpectedEntrySize, entrySize,
 	)
 }