fix(lint): restore noqa directives and register custom codes with ruff

Reverts the noqa: removal — the architecture validators (SVC-006,
SEC-034, MOD-004, API-007) use these to skip known-safe violations.
Added ruff lint.external config so ruff treats them as valid codes.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

app/modules/tenancy/routes/api/admin_modules.py

@@ -100,7 +100,7 @@ def _build_module_response(
     is_enabled: bool,
 ) -> ModuleResponse:
     """Build ModuleResponse from module code."""
-    from app.modules.enums import FrontendType  # API-007 - Enum for type safety
+    from app.modules.enums import FrontendType  # noqa: API-007 - Enum for type safety
 
     module = MODULES.get(code)
     if not module:

app/modules/tenancy/routes/api/admin_users.py

@@ -22,7 +22,7 @@ from app.api.deps import get_current_super_admin, get_current_super_admin_api
 from app.core.database import get_db
 from app.exceptions import ValidationException
 from app.modules.tenancy.models import (
-    User,  # API-007 - Internal helper uses User model
+    User,  # noqa: API-007 - Internal helper uses User model
 )
 from app.modules.tenancy.services.admin_platform_service import admin_platform_service
 from models.schema.auth import UserContext

app/modules/tenancy/routes/api/store.py

@@ -18,7 +18,7 @@ from sqlalchemy.orm import Session
 
 from app.core.database import get_db
 from app.modules.tenancy.schemas.store import StoreDetailResponse
-from app.modules.tenancy.services.store_service import store_service  # mod-004
+from app.modules.tenancy.services.store_service import store_service  # noqa: mod-004
 
 store_router = APIRouter()
 logger = logging.getLogger(__name__)