
docs: update workflows.md npm audit entry to reflect audit-ci usage #1425

@github-actions

Description

Component

Documentation

## Bug Description

The Security Validation Tools table in `docs/architecture/workflows.md` describes the npm audit step as using `npm audit`, but the implementation was updated in commit 3b300c8 to use `audit-ci` with a configuration file (`audit-ci.json`).

Current documentation (line ~217):

```
| npm Audit          | `npm audit`                  | Known vulnerabilities in dependencies         |
```

Actual implementation in `.github/workflows/pr-validation.yml`:

```yaml
- name: Run security audit
  run: npm run audit:npm
```

Where `audit:npm` in `package.json` is:

```json
"audit:npm": "audit-ci --config audit-ci.json"
```

The `audit-ci.json` configuration enables an allowlist for advisories that have no upstream fix available.

## Expected Behavior

The table should reflect the actual tooling:

```
| npm Audit          | `audit-ci`                   | Known vulnerabilities in dependencies (with allowlist via `audit-ci.json`) |
```

And the `audit:npm` npm script should be listed in the Local Development section (around line ~299, where `lint:all` is described).

## Steps to Reproduce

  1. Review `docs/architecture/workflows.md` — Security Validation Tools section.
  2. Compare against the `npm-audit` job in `.github/workflows/pr-validation.yml` and `audit-ci.json`.

## Additional Context

  • Changed files: `.github/workflows/pr-validation.yml`, `audit-ci.json`, `package.json`
  • Documentation file: `docs/architecture/workflows.md`
  • Commit: 3b300c8

Generated by Documentation Update Check
