fix(sources): prevent silent data loss on YAML marshal failure

[RafayKhattak]

Description

While auditing the configuration persistence layer, I identified a potential data-loss scenario in internal/sources/yaml.go.

In the writeSources function, the error from yaml.Marshal(mds) was previously being discarded using the blank identifier (_). Because os.WriteFile is called immediately afterward using the result of the marshal operation, any failure in the marshaler would result in an empty byte slice being written to the configuration file. This effectively overwrites the user's entire source configuration with zero bytes without reporting an error.

Changes in this PR:

• Updated writeSources to explicitly check and return the error from yaml.Marshal.
• This ensures that if marshaling fails, the function short-circuits before the destructive os.WriteFile call is made.
• Added a new test file internal/sources/yaml_test.go with table-driven unit tests. These tests verify:
  • Successful round-trip writing and reading of sources.
  • Proper error propagation when writing to invalid paths (ensuring the API handles failures correctly).
  • Validation that writing an empty source list produces a valid empty YAML rather than a corrupted file.

AI & Automation Policy

• I am the human author and take full personal responsibility for every change in this PR.
• No AI or automated generative tool was used in any part of this PR OR I have disclosed all tool(s) below.

AI/automation tools used: Issue discovery assisted by Gemini and Claude.

Checklist

• Code compiles and existing tests pass locally.
• New or updated tests are included where applicable.
• Documentation is updated where applicable.