
Run parse-dont-validate NonZero audit #120

@acgetchell


Context

Run a whole-repo rust-parse-dont-validate audit focused on making nonzero numeric invariants unrepresentable.

This should specifically look for places where NonZeroU32 or related standard refined types (NonZeroUsize, NonZeroU64, etc.) can replace raw integers, even if that requires breaking API changes. Pre-1.0 API compatibility should yield to correctness, orthogonality, and performance.

Scope

Audit public constructors, builders, setters, deserialization boundaries, configuration/checkpoint types, common validation helpers, and stored domain state.

Prioritize stored values and API boundaries where zero is invalid, repeatedly checked, or only validated immediately before use. Keep raw integers in passive DTOs or boundary inputs only when they are immediately parsed into invariant-bearing domain types.

Acceptance criteria

  • Replace high-confidence positive/nonzero stored values with NonZero* types.
  • Move validation to construction, parsing, deserialization, or raw-value setters.
  • Keep getters infallible once values are stored in refined form.
  • Update tests, doctests, examples, and docs for any API break.
  • Validate with the repository CI/check commands.
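As an added illustration of the pattern the acceptance criteria describe (example code, not code from this repository): a hypothetical checkpoint configuration whose interval is validated once at the boundary, with the stored field typed as NonZeroU32 so the getter and downstream arithmetic carry no zero check. The names RawCheckpointConfig, CheckpointConfig and ConfigError are assumptions.

```rust
use std::num::NonZeroU32;

/// Passive boundary DTO (assumed name): raw integer is allowed here only because it is
/// immediately parsed into the invariant-bearing domain type below.
pub struct RawCheckpointConfig {
    pub interval: u32,
}

/// Domain type (assumed name): zero is unrepresentable, so no later code can observe it.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct CheckpointConfig {
    interval: NonZeroU32,
}

#[derive(Debug, PartialEq, Eq)]
pub enum ConfigError {
    ZeroInterval,
    NotANumber(String),
}

impl CheckpointConfig {
    /// Validation happens exactly once, at construction.
    pub fn new(interval: u32) -> Result<Self, ConfigError> {
        NonZeroU32::new(interval)
            .map(|interval| Self { interval })
            .ok_or(ConfigError::ZeroInterval)
    }

    /// Boundary parser: raw text (e.g. a config file value) goes straight into the refined type.
    pub fn parse(raw: &str) -> Result<Self, ConfigError> {
        let n: u32 = raw.trim().parse().map_err(|_| ConfigError::NotANumber(raw.to_string()))?;
        Self::new(n)
    }

    /// Infallible getter: no re-validation, no error path.
    pub fn interval(&self) -> NonZeroU32 {
        self.interval
    }
}

/// The DTO is converted at the boundary; validation lives in `new`, not at use sites.
impl TryFrom<RawCheckpointConfig> for CheckpointConfig {
    type Error = ConfigError;
    fn try_from(raw: RawCheckpointConfig) -> Result<Self, ConfigError> {
        Self::new(raw.interval)
    }
}

/// Downstream arithmetic divides without a zero check because the type guarantees it.
pub fn checkpoints_in(total_steps: u32, cfg: &CheckpointConfig) -> u32 {
    total_steps / cfg.interval().get()
}
```

Because NonZeroU32 has a niche, `Option<NonZeroU32>` is the same size as `u32`, so the refined type costs nothing in stored state.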

Notes

Breaking API changes are acceptable when they improve correctness, orthogonality, or performance.
