fix: correct tojson|safe usage in templates and update validator

- Remove |safe from |tojson in HTML attributes (x-data) - quotes must
  become " for browsers to parse correctly
- Update LANG-002 and LANG-003 architecture rules to document correct
  |tojson usage patterns:
  - HTML attributes: |tojson (no |safe)
  - Script blocks: |tojson|safe
- Fix validator to warn when |tojson|safe is used in x-data (breaks
  HTML attribute parsing)
- Improve code quality across services, APIs, and tests

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

tests/performance/test_api_performance.py

@@ -4,12 +4,15 @@ Performance tests for API endpoints.
 
 Note: MarketplaceProduct now stores title/description in translations table.
 """
+
 import time
 
 import pytest
 
 from models.database.marketplace_product import MarketplaceProduct
-from models.database.marketplace_product_translation import MarketplaceProductTranslation
+from models.database.marketplace_product_translation import (
+    MarketplaceProductTranslation,
+)
 
 
 def create_product_with_translation(db, product_id: str, title: str, **kwargs):
@@ -54,9 +57,7 @@ class TestPerformance:
 
         # Time the request
         start_time = time.time()
-        response = client.get(
-            "/api/v1/admin/products?limit=100", headers=admin_headers
-        )
+        response = client.get("/api/v1/admin/products?limit=100", headers=admin_headers)
         end_time = time.time()
 
         assert response.status_code == 200