feat(validators): add noqa suppression support to security and performance validators

- Add centralized _is_noqa_suppressed() to BaseValidator with normalization
  (accepts both SEC001 and SEC-001 formats for ruff compatibility)
- Wire noqa support into all 21 security and 18 performance check functions
- Add ruff external config for SEC/PERF/MOD/EXC codes in pyproject.toml
- Convert all 280 Python noqa comments to dashless format (ruff-compatible)
- Add site/ to IGNORE_PATTERNS (excludes mkdocs build output)
- Suppress 152 false positive findings (test passwords, seed data, validator
  self-references, Apple Wallet SHA1, etc.)
- Security: 79 errors → 0, 60 warnings → 0
- Performance: 80 warnings → 77 (3 test script suppressions)
- Add proposal doc with noqa inventory and remaining findings recommendations

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

app/modules/messaging/tests/unit/test_store_email_settings_service.py

@@ -33,7 +33,7 @@ def test_email_settings(db, test_store):
         smtp_host="smtp.example.com",
         smtp_port=587,
         smtp_username="testuser",
-        smtp_password="testpass",  # noqa: SEC-001
+        smtp_password="testpass",  # noqa: SEC001
         smtp_use_tls=True,
         smtp_use_ssl=False,
         is_configured=True,
@@ -56,7 +56,7 @@ def test_verified_email_settings(db, test_store):
         smtp_host="smtp.example.com",
         smtp_port=587,
         smtp_username="testuser",
-        smtp_password="testpass",  # noqa: SEC-001
+        smtp_password="testpass",  # noqa: SEC001
         smtp_use_tls=True,
         is_configured=True,
         is_verified=True,
@@ -155,7 +155,7 @@ class TestStoreEmailSettingsWrite:
             "smtp_host": "smtp.example.com",
             "smtp_port": 587,
             "smtp_username": "user",
-            "smtp_password": "pass",  # noqa: SEC-001
+            "smtp_password": "pass",  # noqa: SEC001
         }
 
         settings = store_email_settings_service.create_or_update(