fix: correct tojson|safe usage in templates and update validator

- Remove |safe from |tojson in HTML attributes (x-data) - quotes must
  become " for browsers to parse correctly
- Update LANG-002 and LANG-003 architecture rules to document correct
  |tojson usage patterns:
  - HTML attributes: |tojson (no |safe)
  - Script blocks: |tojson|safe
- Fix validator to warn when |tojson|safe is used in x-data (breaks
  HTML attribute parsing)
- Improve code quality across services, APIs, and tests

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

models/database/__init__.py

@@ -14,12 +14,17 @@ from .architecture_scan import (
     ViolationAssignment,
     ViolationComment,
 )
-from .test_run import TestCollection, TestResult, TestRun
 from .base import Base
 from .company import Company
 from .content_page import ContentPage
 from .customer import Customer, CustomerAddress
 from .inventory import Inventory
+from .letzshop import (
+    LetzshopFulfillmentQueue,
+    LetzshopOrder,
+    LetzshopSyncLog,
+    VendorLetzshopCredentials,
+)
 from .marketplace_import_job import MarketplaceImportError, MarketplaceImportJob
 from .marketplace_product import (
     DigitalDeliveryMethod,
@@ -28,14 +33,9 @@ from .marketplace_product import (
 )
 from .marketplace_product_translation import MarketplaceProductTranslation
 from .order import Order, OrderItem
-from .letzshop import (
-    LetzshopFulfillmentQueue,
-    LetzshopOrder,
-    LetzshopSyncLog,
-    VendorLetzshopCredentials,
-)
 from .product import Product
 from .product_translation import ProductTranslation
+from .test_run import TestCollection, TestResult, TestRun
 from .user import User
 from .vendor import Role, Vendor, VendorUser
 from .vendor_domain import VendorDomain