Fix TOCTOU race in CapabilityGenerator spec cache

[bburda]

Cache generation check and store happen in separate critical sections. Between them, entity cache generation could change, causing stale specs to be stored under wrong key. Fix with compare-and-swap pattern.

Current behavior:

1. get_cache_key() reads generation and clears cache if changed (under lock)
2. generate_impl() runs without holding cache lock
3. store_cache() stores result under key (under lock)

Between steps 1 and 3, the entity cache generation could change again, meaning the spec generated in step 2 corresponds to a generation that is no longer current.

Proposed fix:
Use a compare-and-swap pattern in store_cache() - re-check the generation before storing and discard the result if it has become stale.