chore(v028): final review minor 3건 cleanup

- inklingMedia.ts:39 no-op replace 제거 + 명료한 host+pathname 결합 코멘트
- inbox:open-media 빈 relPath 명시적 거절 (typeof + length 검사)
- NoteCard <img> alt="" decorative 의도 코멘트

472/472 + typecheck 0 유지.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

src/main/ipc/inboxApi.ts

@@ -159,6 +159,9 @@ export function registerInboxApi(deps: InboxIpcDeps): void {
   // v0.2.8 Cut A — 첨부 이미지 클릭 시 OS 기본 뷰어로 열기 (Task 3).
   // path traversal 검사는 inkling-media:// protocol handler 와 동일한 패턴 (Task 1).
   ipcMain.handle('inbox:open-media', async (_e, relPath: string) => {
+    if (typeof relPath !== 'string' || relPath.length === 0) {
+      return { ok: false as const, reason: 'invalid path' as const };
+    }
     const profileDir = deps.paths.profileDir;
     const mediaRoot = join(profileDir, 'media');
     const target = normalize(join(profileDir, relPath));

src/main/protocol/inklingMedia.ts

@@ -36,7 +36,8 @@ export function registerInklingMediaProtocol(profileDir: string): void {
       return new Response(null, { status: 403 });
     }
     const url = new URL(req.url);
-    const relPath = decodeURIComponent((url.host + url.pathname).replace(/^media\//, 'media/'));
+    // inkling-media://media/<noteId>/<file> → host='media', pathname='/<noteId>/<file>'
+    const relPath = decodeURIComponent(`${url.host}${url.pathname}`);
     const target = normalize(join(profileDir, relPath));
     if (!target.startsWith(mediaRoot + sep) && target !== mediaRoot) {
       return new Response(null, { status: 403 });

src/renderer/inbox/components/NoteCard.tsx

@@ -334,6 +334,7 @@ export function NoteCard({ note, onDeleted, onUpdated, mode = 'inbox', onRestore
       {local.media.length > 0 && (
         <div style={{ marginTop: 10, display: 'flex', flexWrap: 'wrap', gap: 6 }}>
           {local.media.map((m) => (
+            // alt="" — decorative (relPath 는 사용자 의미 X). title 이 hover tooltip.
             <img
               key={m.id}
               src={`inkling-media://${m.relPath}`}