fix: correct tojson|safe usage in templates and update validator

- Remove |safe from |tojson in HTML attributes (x-data) - quotes must
  become " for browsers to parse correctly
- Update LANG-002 and LANG-003 architecture rules to document correct
  |tojson usage patterns:
  - HTML attributes: |tojson (no |safe)
  - Script blocks: |tojson|safe
- Fix validator to warn when |tojson|safe is used in x-data (breaks
  HTML attribute parsing)
- Improve code quality across services, APIs, and tests

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

app/api/v1/admin/users.py

@@ -99,7 +99,9 @@ def create_user(
         full_name=user.full_name,
         is_email_verified=user.is_email_verified,
         owned_companies_count=len(user.owned_companies) if user.owned_companies else 0,
-        vendor_memberships_count=len(user.vendor_memberships) if user.vendor_memberships else 0,
+        vendor_memberships_count=len(user.vendor_memberships)
+        if user.vendor_memberships
+        else 0,
     )
 
 
@@ -151,7 +153,9 @@ def get_user_details(
         full_name=user.full_name,
         is_email_verified=user.is_email_verified,
         owned_companies_count=len(user.owned_companies) if user.owned_companies else 0,
-        vendor_memberships_count=len(user.vendor_memberships) if user.vendor_memberships else 0,
+        vendor_memberships_count=len(user.vendor_memberships)
+        if user.vendor_memberships
+        else 0,
     )
 
 
@@ -192,7 +196,9 @@ def update_user(
         full_name=user.full_name,
         is_email_verified=user.is_email_verified,
         owned_companies_count=len(user.owned_companies) if user.owned_companies else 0,
-        vendor_memberships_count=len(user.vendor_memberships) if user.vendor_memberships else 0,
+        vendor_memberships_count=len(user.vendor_memberships)
+        if user.vendor_memberships
+        else 0,
     )