feat(validators): add noqa suppression support to security and performance validators

- Add centralized _is_noqa_suppressed() to BaseValidator with normalization
  (accepts both SEC001 and SEC-001 formats for ruff compatibility)
- Wire noqa support into all 21 security and 18 performance check functions
- Add ruff external config for SEC/PERF/MOD/EXC codes in pyproject.toml
- Convert all 280 Python noqa comments to dashless format (ruff-compatible)
- Add site/ to IGNORE_PATTERNS (excludes mkdocs build output)
- Suppress 152 false positive findings (test passwords, seed data, validator
  self-references, Apple Wallet SHA1, etc.)
- Security: 79 errors → 0, 60 warnings → 0
- Performance: 80 warnings → 77 (3 test script suppressions)
- Add proposal doc with noqa inventory and remaining findings recommendations

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

app/modules/tenancy/exceptions.py

@@ -128,7 +128,7 @@ class PlatformNotFoundException(OrionException):
         )
 
 
-class PlatformInactiveException(OrionException):  # noqa: MOD-025
+class PlatformInactiveException(OrionException):  # noqa: MOD025
     """Raised when trying to access an inactive platform."""
 
     def __init__(self, code: str):
@@ -140,7 +140,7 @@ class PlatformInactiveException(OrionException):  # noqa: MOD-025
         )
 
 
-class PlatformUpdateException(OrionException):  # noqa: MOD-025
+class PlatformUpdateException(OrionException):  # noqa: MOD025
     """Raised when platform update fails."""
 
     def __init__(self, code: str, reason: str):
@@ -196,7 +196,7 @@ class StoreNotActiveException(BusinessLogicException):
         )
 
 
-class StoreNotVerifiedException(BusinessLogicException):  # noqa: MOD-025
+class StoreNotVerifiedException(BusinessLogicException):  # noqa: MOD025
     """Raised when trying to perform operations requiring verified store."""
 
     def __init__(self, store_code: str):
@@ -260,7 +260,7 @@ class StoreValidationException(ValidationException):
         self.error_code = "STORE_VALIDATION_FAILED"
 
 
-class MaxStoresReachedException(BusinessLogicException):  # noqa: MOD-025
+class MaxStoresReachedException(BusinessLogicException):  # noqa: MOD025
     """Raised when user tries to create more stores than allowed."""
 
     def __init__(self, max_stores: int, user_id: int | None = None):
@@ -275,7 +275,7 @@ class MaxStoresReachedException(BusinessLogicException):  # noqa: MOD-025
         )
 
 
-class StoreAccessDeniedException(AuthorizationException):  # noqa: MOD-025
+class StoreAccessDeniedException(AuthorizationException):  # noqa: MOD025
     """Raised when no store context is available for an authenticated endpoint."""
 
     def __init__(self, message: str = "No store context available"):
@@ -337,7 +337,7 @@ class MerchantNotFoundException(ResourceNotFoundException):
         )
 
 
-class MerchantAlreadyExistsException(ConflictException):  # noqa: MOD-025
+class MerchantAlreadyExistsException(ConflictException):  # noqa: MOD025
     """Raised when trying to create a merchant that already exists."""
 
     def __init__(self, merchant_name: str):
@@ -348,7 +348,7 @@ class MerchantAlreadyExistsException(ConflictException):  # noqa: MOD-025
         )
 
 
-class MerchantNotActiveException(BusinessLogicException):  # noqa: MOD-025
+class MerchantNotActiveException(BusinessLogicException):  # noqa: MOD025
     """Raised when trying to perform operations on inactive merchant."""
 
     def __init__(self, merchant_id: int):
@@ -359,7 +359,7 @@ class MerchantNotActiveException(BusinessLogicException):  # noqa: MOD-025
         )
 
 
-class MerchantNotVerifiedException(BusinessLogicException):  # noqa: MOD-025
+class MerchantNotVerifiedException(BusinessLogicException):  # noqa: MOD025
     """Raised when trying to perform operations requiring verified merchant."""
 
     def __init__(self, merchant_id: int):
@@ -370,7 +370,7 @@ class MerchantNotVerifiedException(BusinessLogicException):  # noqa: MOD-025
         )
 
 
-class UnauthorizedMerchantAccessException(AuthorizationException):  # noqa: MOD-025
+class UnauthorizedMerchantAccessException(AuthorizationException):  # noqa: MOD025
     """Raised when user tries to access merchant they don't own."""
 
     def __init__(self, merchant_id: int, user_id: int | None = None):
@@ -385,7 +385,7 @@ class UnauthorizedMerchantAccessException(AuthorizationException):  # noqa: MOD-
         )
 
 
-class InvalidMerchantDataException(ValidationException):  # noqa: MOD-025
+class InvalidMerchantDataException(ValidationException):  # noqa: MOD025
     """Raised when merchant data is invalid or incomplete."""
 
     def __init__(
@@ -402,7 +402,7 @@ class InvalidMerchantDataException(ValidationException):  # noqa: MOD-025
         self.error_code = "INVALID_MERCHANT_DATA"
 
 
-class MerchantValidationException(ValidationException):  # noqa: MOD-025
+class MerchantValidationException(ValidationException):  # noqa: MOD025
     """Raised when merchant validation fails."""
 
     def __init__(
@@ -527,7 +527,7 @@ class CannotModifySelfException(BusinessLogicException):
         )
 
 
-class BulkOperationException(BusinessLogicException):  # noqa: MOD-025
+class BulkOperationException(BusinessLogicException):  # noqa: MOD025
     """Raised when bulk admin operation fails."""
 
     def __init__(
@@ -675,7 +675,7 @@ class TeamMemberAlreadyExistsException(ConflictException):
         )
 
 
-class TeamInvitationNotFoundException(ResourceNotFoundException):  # noqa: MOD-025
+class TeamInvitationNotFoundException(ResourceNotFoundException):  # noqa: MOD025
     """Raised when a team invitation is not found."""
 
     def __init__(self, invitation_token: str):
@@ -687,7 +687,7 @@ class TeamInvitationNotFoundException(ResourceNotFoundException):  # noqa: MOD-0
         )
 
 
-class TeamInvitationExpiredException(BusinessLogicException):  # noqa: MOD-025
+class TeamInvitationExpiredException(BusinessLogicException):  # noqa: MOD025
     """Raised when trying to accept an expired invitation."""
 
     def __init__(self, invitation_token: str):
@@ -709,7 +709,7 @@ class TeamInvitationAlreadyAcceptedException(ConflictException):
         )
 
 
-class UnauthorizedTeamActionException(AuthorizationException):  # noqa: MOD-025
+class UnauthorizedTeamActionException(AuthorizationException):  # noqa: MOD025
     """Raised when user tries to perform team action without permission."""
 
     def __init__(
@@ -745,7 +745,7 @@ class CannotRemoveOwnerException(BusinessLogicException):
         )
 
 
-class CannotModifyOwnRoleException(BusinessLogicException):  # noqa: MOD-025
+class CannotModifyOwnRoleException(BusinessLogicException):  # noqa: MOD025
     """Raised when user tries to modify their own role."""
 
     def __init__(self, user_id: int):
@@ -756,7 +756,7 @@ class CannotModifyOwnRoleException(BusinessLogicException):  # noqa: MOD-025
         )
 
 
-class RoleNotFoundException(ResourceNotFoundException):  # noqa: MOD-025
+class RoleNotFoundException(ResourceNotFoundException):  # noqa: MOD025
     """Raised when a role is not found."""
 
     def __init__(self, role_id: int, store_id: int | None = None):
@@ -776,7 +776,7 @@ class RoleNotFoundException(ResourceNotFoundException):  # noqa: MOD-025
         self.details.update(details)
 
 
-class InvalidRoleException(ValidationException):  # noqa: MOD-025
+class InvalidRoleException(ValidationException):  # noqa: MOD025
     """Raised when role data is invalid."""
 
     def __init__(
@@ -793,7 +793,7 @@ class InvalidRoleException(ValidationException):  # noqa: MOD-025
         self.error_code = "INVALID_ROLE_DATA"
 
 
-class InsufficientTeamPermissionsException(AuthorizationException):  # noqa: MOD-025
+class InsufficientTeamPermissionsException(AuthorizationException):  # noqa: MOD025
     """Raised when user lacks required team permissions for an action."""
 
     def __init__(
@@ -817,7 +817,7 @@ class InsufficientTeamPermissionsException(AuthorizationException):  # noqa: MOD
         )
 
 
-class MaxTeamMembersReachedException(BusinessLogicException):  # noqa: MOD-025
+class MaxTeamMembersReachedException(BusinessLogicException):  # noqa: MOD025
     """Raised when store has reached maximum team members limit."""
 
     def __init__(self, max_members: int, store_id: int):
@@ -852,7 +852,7 @@ class TeamValidationException(ValidationException):
         self.error_code = "TEAM_VALIDATION_FAILED"
 
 
-class InvalidInvitationDataException(ValidationException):  # noqa: MOD-025
+class InvalidInvitationDataException(ValidationException):  # noqa: MOD025
     """Raised when team invitation data is invalid."""
 
     def __init__(
@@ -963,7 +963,7 @@ class StoreDomainAlreadyExistsException(ConflictException):
         )
 
 
-class InvalidDomainFormatException(ValidationException):  # noqa: MOD-025
+class InvalidDomainFormatException(ValidationException):  # noqa: MOD025
     """Raised when domain format is invalid."""
 
     def __init__(self, domain: str, reason: str = "Invalid domain format"):
@@ -1020,7 +1020,7 @@ class DomainAlreadyVerifiedException(BusinessLogicException):
         )
 
 
-class MultiplePrimaryDomainsException(BusinessLogicException):  # noqa: MOD-025
+class MultiplePrimaryDomainsException(BusinessLogicException):  # noqa: MOD025
     """Raised when trying to set multiple primary domains."""
 
     def __init__(self, store_id: int):
@@ -1054,7 +1054,7 @@ class MaxDomainsReachedException(BusinessLogicException):
         )
 
 
-class UnauthorizedDomainAccessException(BusinessLogicException):  # noqa: MOD-025
+class UnauthorizedDomainAccessException(BusinessLogicException):  # noqa: MOD025
     """Raised when trying to access domain that doesn't belong to store."""
 
     def __init__(self, domain_id: int, store_id: int):