fix: add background task to onboarding order sync + migrate to GitLab

Onboarding fixes:
- Add missing background task trigger for order sync (step 4)
- Import process_historical_import task in onboarding API

GitLab migration:
- Update audit rules to support both GitHub and GitLab paths
- Add .gitlab-ci.yml with lint, test, security, build stages
- Add merge request template (.gitlab/merge_request_templates/default.md)
- Update validate_audit.py to check for GitLab equivalents

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

.gitlab-ci.yml

@@ -0,0 +1,112 @@
+# GitLab CI/CD Configuration
+# =========================
+
+stages:
+  - lint
+  - test
+  - security
+  - build
+
+variables:
+  PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
+  PYTHON_VERSION: "3.11"
+
+# Cache dependencies between jobs
+cache:
+  paths:
+    - .cache/pip
+    - .venv/
+
+# Lint Stage
+# ----------
+
+ruff:
+  stage: lint
+  image: python:${PYTHON_VERSION}
+  before_script:
+    - pip install uv
+    - uv sync --frozen
+  script:
+    - .venv/bin/ruff check .
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+
+# Test Stage
+# ----------
+
+pytest:
+  stage: test
+  image: python:${PYTHON_VERSION}
+  before_script:
+    - pip install uv
+    - uv sync --frozen
+  script:
+    - .venv/bin/python -m pytest tests/ -v --tb=short
+  coverage: '/TOTAL.*\s+(\d+%)/'
+  artifacts:
+    reports:
+      junit: report.xml
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage.xml
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+
+architecture:
+  stage: test
+  image: python:${PYTHON_VERSION}
+  before_script:
+    - pip install uv
+    - uv sync --frozen
+  script:
+    - .venv/bin/python scripts/validate_architecture.py
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+
+# Security Stage
+# --------------
+
+dependency_scanning:
+  stage: security
+  image: python:${PYTHON_VERSION}
+  before_script:
+    - pip install pip-audit
+  script:
+    - pip-audit --requirement requirements.txt || true
+  allow_failure: true
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+
+audit:
+  stage: security
+  image: python:${PYTHON_VERSION}
+  before_script:
+    - pip install uv
+    - uv sync --frozen
+  script:
+    - .venv/bin/python scripts/validate_audit.py
+  allow_failure: true
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+
+# Build Stage
+# -----------
+
+docs:
+  stage: build
+  image: python:${PYTHON_VERSION}
+  before_script:
+    - pip install uv
+    - uv sync --frozen
+  script:
+    - .venv/bin/mkdocs build
+  artifacts:
+    paths:
+      - site/
+  rules:
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH