fix(orders): synchronize m.stderr writes from parallel dispatch goroutines

[eric-jones]

Summary

memoryOrderDispatcher.dispatch spawns one dispatchOne goroutine per due order. Each goroutine may call logDispatchError(m.stderr, …) if its order errors out — but m.stderr is unsynchronized. go test -race flags concurrent writes on bytes.Buffer.Write (test fakes); production writes to os.Stderr are also undefined per Go docs (atomic per-write(2) for small payloads, unspecified inter-call ordering).

Wrap stderr in a small mutex-guarded writer at construction time so the call sites stay unchanged. Both construction paths get the wrap:

• buildOrderDispatcher (production)
• buildOrderDispatcherFromListExec (test helper that constructs memoryOrderDispatcher directly)

lockedStderr returns nil for nil input so logDispatchError's existing nil-guard keeps its semantics.

Testing

• make check — 5 pre-existing failures, all documented EXPECT-FAIL on macOS, none introduced by this PR (verified by stashing the change and re-running the same tests in isolation):
  • TestExecCommandRunnerTimeoutKillsChildProcess — fixed by fix(macos): unblock pre-commit hook on macOS dev machines #1729
  • TestBuiltinDoltDoctorReportsTimedOutVersionProbe — fixed by fix(macos): unblock pre-commit hook on macOS dev machines #1729
  • TestBuiltinDoltDoctorBoundsVersionProbe — fixed by fix(macos): unblock pre-commit hook on macOS dev machines #1729
  • TestCityRuntimeManualReloadPanicAfterReloadKeepsReloadReplyAndClears — fixed by fix(test): cancel dispatched orders before t.TempDir cleanup #1741
  • TestCityRuntimeWatchReloadPanicRestoresDirty — sibling of the above (TempDir cleanup race under parallel load); pre-existing flake under make check, no fix-PR yet
• go test -race -count=3 -run '^TestCityRuntimeManualReloadPanicAfterReloadKeepsReloadReplyAndClears$' ./cmd/gc/ — race gone (was flagged by the race detector before this change)
• go test -race -count=1 -run '^TestLockedWriter|^TestLockedStderr' ./cmd/gc/ — green
• go test -race -count=1 -run 'OrderDispatch|CityRuntimeShutdown|TestSweep|CityRuntimeManualReload|TestLockedWriter|TestLockedStderr' -skip '^TestOrderDispatchRejectsAmbiguousPackPool$' ./cmd/gc/ — green
• make check-docs — no docs changed, skipped
• make test-integration — not run; past attempts have hit the 30-min timeout with no saved partial output

Note: separate pre-existing race observed

TestOrderDispatchRejectsAmbiguousPackPool trips a different race under -race: the test fake memRecorder is read from the test goroutine while dispatchOne is still writing to it. Different surface (test fake field, not m.stderr), pre-existing on origin/main, out of scope for this PR. Skipped via -skip in the broader race check above.

Checklist

• Linked an issue, or explained why one is not needed — internal stg-fxm; this is the externally-tracked half
• Added or updated tests for behavior changes
• Updated docs for user-facing changes — none, internal synchronization
• Called out breaking changes or migration notes — none

---

^{Need help on this PR? Tag @codesmith with what you need.}

• Let Codesmith autofix CI failures and bot reviews

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!