Recover from corrupted state or cache on startup.

When we start up, if we can't load our persistent state, we'll currently exit with an error. That's not good user experience: instead we should maybe move aside any broken/unreadable state files? Or perhaps we should ignore them and not use persistent state? There are multiple possibilities here, and it's not obvious which is best.