datalog: rule-shape validators in dl-add-rule! (253/253)

Two malformed-rule paths used to slip through:

- Empty head list `{:head () :body ()}` was accepted; the rule
  would never fire but the relation-name lookup later returned
  nil with confusing downstream errors.
- Non-list body (`{:head (...) :body 42}`) crashed in `rest`
  during safety check with a cryptic "rest: 1 list arg".

dl-add-rule! now checks head shape (non-empty list with symbol
head) and body type (list) before any safety walk. Errors are
descriptive and surface at add time rather than during the next
saturation.

2 new eval tests.

lib/datalog/tests/eval.sx

@@ -165,6 +165,22 @@
           ((db (dl-program "edge(1, 2). edge(2, 3). edge(3, 1).\n                  reach(X, Y) :- edge(X, Y).\n                  reach(X, Z) :- edge(X, Y), reach(Y, Z).")))
           (do (dl-saturate! db) (len (dl-relation db "reach"))))
         9)
+      ;; Rule-shape sanity: empty-list head and non-list body raise
+      ;; clear errors rather than crashing inside the saturator.
+      (dl-et-test! "empty head rejected"
+        (dl-et-throws?
+          (fn ()
+            (dl-add-rule! (dl-make-db)
+              {:head (list) :body (list)})))
+        true)
+
+      (dl-et-test! "non-list body rejected"
+        (dl-et-throws?
+          (fn ()
+            (dl-add-rule! (dl-make-db)
+              {:head (list (quote p) (quote X)) :body 42})))
+        true)
+
       ;; Reserved relation names rejected as rule/fact heads.
       (dl-et-test!
         "reserved name `not` as head rejected"