fix: correct tojson|safe usage in templates and update validator

- Remove |safe from |tojson in HTML attributes (x-data) - quotes must
  become " for browsers to parse correctly
- Update LANG-002 and LANG-003 architecture rules to document correct
  |tojson usage patterns:
  - HTML attributes: |tojson (no |safe)
  - Script blocks: |tojson|safe
- Fix validator to warn when |tojson|safe is used in x-data (breaks
  HTML attribute parsing)
- Improve code quality across services, APIs, and tests

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

app/utils/csv_processor.py

@@ -20,7 +20,9 @@ from sqlalchemy.orm import Session
 
 from models.database.marketplace_import_job import MarketplaceImportError
 from models.database.marketplace_product import MarketplaceProduct
-from models.database.marketplace_product_translation import MarketplaceProductTranslation
+from models.database.marketplace_product_translation import (
+    MarketplaceProductTranslation,
+)
 
 logger = logging.getLogger(__name__)
 
@@ -215,9 +217,7 @@ class CSVProcessor:
 
         return processed_data
 
-    def _extract_translation_data(
-        self, product_data: dict[str, Any]
-    ) -> dict[str, Any]:
+    def _extract_translation_data(self, product_data: dict[str, Any]) -> dict[str, Any]:
         """Extract translation fields from product data.
 
         Returns a dict with title, description, etc. that belong
@@ -363,11 +363,22 @@ class CSVProcessor:
         if row_data:
             # Keep only key fields for review
             limited_data = {
-                k: v for k, v in row_data.items()
-                if k in [
-                    "marketplace_product_id", "title", "gtin", "mpn", "sku",
-                    "brand", "price", "availability", "link"
-                ] and v is not None and str(v).strip()
+                k: v
+                for k, v in row_data.items()
+                if k
+                in [
+                    "marketplace_product_id",
+                    "title",
+                    "gtin",
+                    "mpn",
+                    "sku",
+                    "brand",
+                    "price",
+                    "availability",
+                    "link",
+                ]
+                and v is not None
+                and str(v).strip()
             }
             row_data = limited_data if limited_data else None
 
@@ -419,7 +430,11 @@ class CSVProcessor:
                 product_data["vendor_name"] = vendor_name
 
                 # Get identifier for error tracking
-                identifier = product_data.get("marketplace_product_id") or product_data.get("gtin") or product_data.get("mpn")
+                identifier = (
+                    product_data.get("marketplace_product_id")
+                    or product_data.get("gtin")
+                    or product_data.get("mpn")
+                )
 
                 # Validate required fields
                 if not product_data.get("marketplace_product_id"):
@@ -524,7 +539,8 @@ class CSVProcessor:
                         row_number=row_number,
                         error_type="processing_error",
                         error_message=str(e),
-                        identifier=row_dict.get("marketplace_product_id") or row_dict.get("id"),
+                        identifier=row_dict.get("marketplace_product_id")
+                        or row_dict.get("id"),
                         row_data=row_dict,
                     )
                 errors += 1