fix(test): rewrite security audit tests as ignored regression tests

Tests now assert desired secure behavior and are #[ignore] until fixes
land. Each ignore reason includes the threat model ID. When a fix is
applied, the test flips from ignored→green as a regression gate.

- 16 ignored tests: all fail when forced (confirming vulns are present)
- 1 non-ignored test: lexer depth at safe level (documents safe path)
- CI runs clean: clippy, tests, no warnings

https://claude.ai/code/session_01JuqQfhfg67dWWn8ngcBxUK

Author: claude