Add pvm update command with safe download/install, auto-update and README notes

[sobatanonimak]

This PR adds a new pvm update command and a safe, non-interactive update flow. It checks GitHub Releases for a newer pvm release, shows current/latest versions, and—when a newer release is available—performs an automatic install using either:

• the safe download + verify + backup + atomic replace + verification + rollback flow, or
• an installer script (when PVM_INSTALL_SCRIPT is set).

Testing performed

• Unit tests added and run: go test ./... (all packages passing).
• Manual local test: built local binary, set PVM_INSTALL_SCRIPT to local install.ps1 and ran pvm update --yes-update to validate script-run path.
• Verified rollback behavior on verification failures during development.

Upgrade / Migration notes

• No breaking API changes. Consumers that relied on an interactive prompt should be aware pvm update now runs the installer automatically when an update is available; use PVM_INSTALL_SCRIPT or omit automatic calls in automation if different behavior desired.
• CI should use --yes-update (or set PVM_INSTALL_CHECKSUM) to use the safe download runner non-interactively.

Security considerations

• Default behavior avoids curl|iex piping; the download path includes optional checksum verification.
• Running remote installers is still supported but opt-in via PVM_INSTALL_SCRIPT or the default quick-install URL; users/operators should review scripts before running in sensitive environments.

Suggested reviewers

• Maintainers familiar with installer and release workflows.
• Test owners for commands package.