fix: correct tojson|safe usage in templates and update validator

- Remove |safe from |tojson in HTML attributes (x-data) - quotes must
  become " for browsers to parse correctly
- Update LANG-002 and LANG-003 architecture rules to document correct
  |tojson usage patterns:
  - HTML attributes: |tojson (no |safe)
  - Script blocks: |tojson|safe
- Fix validator to warn when |tojson|safe is used in x-data (breaks
  HTML attribute parsing)
- Improve code quality across services, APIs, and tests

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

app/utils/i18n.py

@@ -14,6 +14,7 @@ Supported languages:
 - de: German
 - lb: Luxembourgish
 """
+
 import json
 import logging
 from functools import lru_cache
@@ -97,7 +98,7 @@ def load_translations(language: str) -> dict:
         return {}
 
     try:
-        with open(locale_file, "r", encoding="utf-8") as f:
+        with open(locale_file, encoding="utf-8") as f:
             return json.load(f)
     except json.JSONDecodeError as e:
         logger.error(f"Invalid JSON in translation file {locale_file}: {e}")
@@ -139,7 +140,11 @@ def get_nested_value(data: dict, key_path: str, default: str = None) -> str:
         else:
             return default if default is not None else key_path
 
-    return value if isinstance(value, str) else (default if default is not None else key_path)
+    return (
+        value
+        if isinstance(value, str)
+        else (default if default is not None else key_path)
+    )
 
 
 def translate(
@@ -180,7 +185,9 @@ def translate(
         try:
             text = text.format(**kwargs)
         except KeyError as e:
-            logger.warning(f"Missing interpolation variable in translation '{key}': {e}")
+            logger.warning(
+                f"Missing interpolation variable in translation '{key}': {e}"
+            )
 
     return text