feat(validators): add noqa suppression support to security and performance validators

- Add centralized _is_noqa_suppressed() to BaseValidator with normalization
  (accepts both SEC001 and SEC-001 formats for ruff compatibility)
- Wire noqa support into all 21 security and 18 performance check functions
- Add ruff external config for SEC/PERF/MOD/EXC codes in pyproject.toml
- Convert all 280 Python noqa comments to dashless format (ruff-compatible)
- Add site/ to IGNORE_PATTERNS (excludes mkdocs build output)
- Suppress 152 false positive findings (test passwords, seed data, validator
  self-references, Apple Wallet SHA1, etc.)
- Security: 79 errors → 0, 60 warnings → 0
- Performance: 80 warnings → 77 (3 test script suppressions)
- Add proposal doc with noqa inventory and remaining findings recommendations

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

scripts/seed/init_production.py

@@ -558,7 +558,7 @@ def print_summary(db: Session):
     print("─" * 70)
     print("  URL:      /admin/login")
     print(f"  Username: {settings.admin_username}")
-    print(f"  Password: {settings.admin_password}")  # noqa: SEC-021
+    print(f"  Password: {settings.admin_password}")  # noqa: SEC021
     print("─" * 70)
 
     # Show security warnings if in production
@@ -577,7 +577,7 @@ def print_summary(db: Session):
     print("\n🚀 NEXT STEPS:")
     print("  1. Login to admin panel")
     if is_production():
-        print("  2. CHANGE DEFAULT PASSWORD IMMEDIATELY!")  # noqa: SEC-021
+        print("  2. CHANGE DEFAULT PASSWORD IMMEDIATELY!")  # noqa: SEC021
         print("  3. Configure admin settings")
         print("  4. Create first store")
     else: