Phatdanai Shinpanjapol authored
The isSafeColumn allowlist (added to defend against user-derived column identifiers in filter/sort, whose keys come from request query-param keys) was also applied in search() on both the GORM and Mongo backends. Search columns, however, are developer-supplied via SetParams(params, searchColumns...) — never request-derived; only the search value is user input, and it is parameter-bound (GORM) / regex-escaped (Mongo). Gating them added no security and silently dropped legitimate columns: concat expressions like first_name || ' ' || last_name / CONCAT_WS(...) on GORM, and nested field paths like profile.address.city on Mongo — breaking full-name / nested-field search across consumers. Remove the isSafeColumn check from search() on both backends; filter()/sort() gating is unchanged. Document the searchColumns trust boundary on IPagination.SetParams. Add a regression test for the GORM search path using the pure-Go SQLite driver (no CGO...
37701d26
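The trust boundary this commit describes, as an added illustration that is not the project's code: `BuildSearch` stands in for the search() path, where the column list is developer-supplied and trusted as SQL while the user's search value is only ever a bound argument, and `BuildFilters` stands in for the filter() path, where the keys arrive from request query parameters and must pass an identifier allowlist before they can be used. The `isSafeColumn` here is a hypothetical regex reimplementation, not the library's own, and `Clause`, `BuildSearch`, `BuildFilters` and `ErrUnsafeColumn` are names chosen for this example.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Clause is the fragment a query builder such as GORM would receive:
// SQL text with "?" placeholders plus the values bound to them.
type Clause struct {
	SQL  string
	Args []interface{}
}

// identRe is a stand-in for an identifier allowlist: a plain column name or a
// dotted path (table.column, profile.address.city). It deliberately rejects
// spaces, quotes, parentheses and operators, so a concatenation expression can
// never pass through it. Hypothetical; not the project's isSafeColumn.
var identRe = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)*$`)

func isSafeColumn(col string) bool { return identRe.MatchString(col) }

// BuildSearch models the search() path. searchColumns are developer-supplied
// (the equivalent of SetParams(params, searchColumns...)) and are trusted as
// SQL; only value is user input, and it is passed as a bound argument, never
// spliced into the SQL text. No allowlist is applied to the columns, so an
// expression such as first_name || ' ' || last_name works as intended.
func BuildSearch(searchColumns []string, value string) Clause {
	if len(searchColumns) == 0 || value == "" {
		return Clause{}
	}
	parts := make([]string, 0, len(searchColumns))
	args := make([]interface{}, 0, len(searchColumns))
	for _, col := range searchColumns {
		parts = append(parts, fmt.Sprintf("LOWER(%s) LIKE ?", col))
		args = append(args, "%"+strings.ToLower(value)+"%")
	}
	return Clause{SQL: "(" + strings.Join(parts, " OR ") + ")", Args: args}
}

// ErrUnsafeColumn is returned when a request-derived column fails the allowlist.
var ErrUnsafeColumn = errors.New("column identifier rejected by allowlist")

// BuildFilters models the filter() path. The map keys come straight from
// request query parameters, so each key is an attacker-controlled identifier
// and must pass the allowlist before it is used. Values are still bound.
func BuildFilters(filters map[string]string) (Clause, error) {
	keys := make([]string, 0, len(filters))
	for k := range filters {
		keys = append(keys, k)
	}
	sort.Strings(keys) // deterministic SQL for the same input
	parts := make([]string, 0, len(keys))
	args := make([]interface{}, 0, len(keys))
	for _, k := range keys {
		if !isSafeColumn(k) {
			return Clause{}, fmt.Errorf("%w: %q", ErrUnsafeColumn, k)
		}
		parts = append(parts, k+" = ?")
		args = append(args, filters[k])
	}
	if len(parts) == 0 {
		return Clause{}, nil
	}
	return Clause{SQL: strings.Join(parts, " AND "), Args: args}, nil
}

func main() {
	fullName := "first_name || ' ' || last_name" // developer-supplied, trusted
	fmt.Printf("%+v\n", BuildSearch([]string{fullName, "email"}, "Ada"))

	// The identical string arriving as a request filter key is rejected.
	if _, err := BuildFilters(map[string]string{fullName: "x"}); err != nil {
		fmt.Println("filter:", err)
	}
	c, _ := BuildFilters(map[string]string{"profile.address.city": "Paris"})
	fmt.Printf("%+v\n", c)
}
```

The same string is accepted on the search path and refused on the filter path, which is the distinction the commit restores: gating is a function of where an identifier comes from, not of what it looks like.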