fix: correct tojson|safe usage in templates and update validator

- Remove |safe from |tojson in HTML attributes (x-data) - quotes must
  become " for browsers to parse correctly
- Update LANG-002 and LANG-003 architecture rules to document correct
  |tojson usage patterns:
  - HTML attributes: |tojson (no |safe)
  - Script blocks: |tojson|safe
- Fix validator to warn when |tojson|safe is used in x-data (breaks
  HTML attribute parsing)
- Improve code quality across services, APIs, and tests

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

tests/integration/api/v1/admin/test_dashboard.py

@@ -4,6 +4,7 @@ Integration tests for admin dashboard and statistics endpoints.
 
 Tests the /api/v1/admin/dashboard/* endpoints.
 """
+
 import pytest
 
 
@@ -34,7 +35,9 @@ class TestAdminDashboardAPI:
         data = response.json()
         assert data["error_code"] == "ADMIN_REQUIRED"
 
-    def test_get_comprehensive_stats(self, client, admin_headers, test_marketplace_product):
+    def test_get_comprehensive_stats(
+        self, client, admin_headers, test_marketplace_product
+    ):
         """Test getting comprehensive statistics."""
         response = client.get("/api/v1/admin/dashboard/stats", headers=admin_headers)
 
@@ -47,7 +50,9 @@ class TestAdminDashboardAPI:
         assert "unique_vendors" in data
         assert data["total_products"] >= 0
 
-    def test_get_marketplace_stats(self, client, admin_headers, test_marketplace_product):
+    def test_get_marketplace_stats(
+        self, client, admin_headers, test_marketplace_product
+    ):
         """Test getting marketplace statistics."""
         response = client.get(
             "/api/v1/admin/dashboard/stats/marketplace", headers=admin_headers