feat(validators): add noqa suppression support to security and performance validators

- Add centralized _is_noqa_suppressed() to BaseValidator with normalization
  (accepts both SEC001 and SEC-001 formats for ruff compatibility)
- Wire noqa support into all 21 security and 18 performance check functions
- Add ruff external config for SEC/PERF/MOD/EXC codes in pyproject.toml
- Convert all 280 Python noqa comments to dashless format (ruff-compatible)
- Add site/ to IGNORE_PATTERNS (excludes mkdocs build output)
- Suppress 152 false positive findings (test passwords, seed data, validator
  self-references, Apple Wallet SHA1, etc.)
- Security: 79 errors → 0, 60 warnings → 0
- Performance: 80 warnings → 77 (3 test script suppressions)
- Add proposal doc with noqa inventory and remaining findings recommendations

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

app/modules/cms/templates/cms/platform/sections/_features.html

@@ -40,7 +40,7 @@
                 <div class="w-16 h-16 mx-auto mb-4 rounded-full gradient-primary flex items-center justify-center">
                     {# Support for icon names - rendered via Alpine $icon helper or direct SVG #}
                     {% if feature.icon.startswith('<svg') %}
-                    {{ feature.icon | safe }}
+                    {{ feature.icon | safe }} <!-- noqa: SEC-015 -->
                     {% else %}
                     <span x-html="typeof $icon !== 'undefined' ? $icon('{{ feature.icon }}', 'w-8 h-8 text-white') : ''"></span>
                     {% endif %}