ci: add security/performance/audit validators to pre-commit and CI

- Add validate-security, validate-performance, validate-audit hooks
  to .pre-commit-config.yaml (previously only architecture was checked)
- Break single "Run all validators" CI step into 4 explicit steps
  (architecture, security, performance, audit) for clearer pipeline output
- Add noqa: SEC001 suppressions for test fixture hashed_password values

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

.gitea/workflows/ci.yml

@@ -94,8 +94,17 @@ jobs:
       - name: Install dependencies
         run: uv pip install --system -r requirements.txt
 
-      - name: Run all validators
-        run: python scripts/validate/validate_all.py
+      - name: Validate architecture patterns
+        run: python scripts/validate/validate_all.py --architecture
+
+      - name: Validate security patterns
+        run: python scripts/validate/validate_all.py --security
+
+      - name: Validate performance patterns
+        run: python scripts/validate/validate_all.py --performance
+
+      - name: Validate audit patterns
+        run: python scripts/validate/validate_all.py --audit
 
   # ---------------------------------------------------------------------------
   # Security (non-blocking)