feat(prospecting): implement security audit pipeline (Workstream 2A)

Complete security audit integration into the enrichment pipeline:

Backend:
- SecurityAuditService with 7 passive checks: HTTPS, SSL cert, security
  headers, exposed files, cookies, server info, technology detection
- Constants file with SECURITY_HEADERS, EXPOSED_PATHS, SEVERITY_SCORES
- SecurityAuditResponse schema with JSON field validators + aliases
- Endpoints: POST /security-audit/{id}, POST /security-audit/batch
- Added to full_enrichment pipeline (Step 5, before scoring)
- get_pending_security_audit() query in prospect_service

Frontend:
- Security tab on prospect detail page with grade badge (A+ to F),
  score/100, severity counts, HTTPS/SSL status, missing headers,
  exposed files, technologies, and full findings list
- "Run Security Audit" button with loading state
- "Security Audit" batch button on scan-jobs page

Tested on batirenovation-strasbourg.fr: Grade D (50/100), 11 issues
found (missing headers, exposed wp-login, server version disclosure).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-01 20:58:11 +02:00
parent 59b0d8977a
commit 4c750f0268
10 changed files with 812 additions and 1 deletions

@@ -251,6 +251,17 @@ class ProspectService:
.all()
)
def get_pending_security_audit(self, db: Session, limit: int = 50) -> list[Prospect]:
return (
db.query(Prospect)
.filter(
Prospect.has_website.is_(True),
Prospect.last_security_audit_at.is_(None),
)
.limit(limit)
.all()
)
def count_by_status(self, db: Session) -> dict[str, int]:
results = db.query(Prospect.status, func.count(Prospect.id)).group_by(Prospect.status).all() # noqa: SVC-005 - prospecting is platform-scoped, not store-scoped
return {status.value if hasattr(status, "value") else str(status): count for status, count in results}
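
Review bot: get_pending_security_audit applies .limit(limit) with no .order_by(), so which prospects land in a batch is left to the database and can differ between runs; add a stable ordering such as .order_by(Prospect.id) before .limit(limit). The filter also treats last_security_audit_at being NULL as the only pending state, so if a failed or timed-out audit leaves that column unset, the same rows will be reselected on every batch call and the same sites probed again; record failures separately or stamp the attempt time so the batch makes progress. The neighbouring count_by_status carries a noqa: SVC-005 comment explaining that it is platform-scoped; if that rule applies to this query as well, it needs the same annotation, and the new method would benefit from a one-line docstring saying what "pending" means.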