
Conversation

@dev-corelift

Summary

Fixes #19. Aligns rule behavior with the normalized indexer metadata per OpenSpec change fix-false-positive-rules.

Key changes

  • Secrets: hardcoded_secret_analyze now inspects the literal metadata extracted by the indexer. Header-derived or other non-literal sources (e.g., request.headers.get(...)) are no longer flagged as secret-hardcoded-assignment.
  • Crypto: The weak-encryption detector tokenizes callee identifiers from the normalized DB, so helper methods such as .includes() stop colliding with DES aliases (crypto-weak-encryption false positives are gone).
  • PII: All PII layers consume normalized endpoint/storage metadata. Generic keys like message or strings like package.json no longer trigger pii-* alerts.
  • Added regression coverage (tests/test_rules/test_false_positive_regressions.py) that reproduces the Lovaseo scenarios the customer reported.

Validation

  • pytest tests/test_rules/test_false_positive_regressions.py
  • source /home/dev/projects/org/lovaseo/.auditor_venv/bin/activate && aud detect-patterns
  • openspec validate fix-false-positive-rules --strict

OpenSpec change: fix-false-positive-rules
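The two behaviours described in the "Secrets" and "Crypto" bullets above, as an added illustration that is not the project's own code (the real rules, the DES alias list and the indexer's normalized schema are not shown in this PR): a constructed stand-in for the indexer's assignment metadata, a hypothetical secrets rule that fires only when the assigned value is a string literal, and a hypothetical weak-cipher rule that matches whole identifier tokens instead of substrings, so `allowed.includes(...)` no longer collides with `des`. `WEAK_CIPHER_TOKENS`, `SECRET_NAME_RE`, `SAMPLE` and every function name here are assumptions.

```python
"""Hypothetical re-creation of the token-vs-substring and literal-only checks
described in this PR. Not the project's code; alias list and name patterns are
assumed."""

import re
from dataclasses import dataclass
from typing import List, Tuple

# Assumed weak-cipher alias tokens; the real rule's list is not shown in the PR.
WEAK_CIPHER_TOKENS = {"des", "3des", "tripledes", "desede", "rc4", "rc2"}

# Assumed secret-ish variable name suffixes.
SECRET_NAME_RE = re.compile(r"(?:api[_-]?key|secret|token|password|passwd)$", re.I)

ASSIGN_RE = re.compile(
    r"^\s*(?:(?:const|let|var)\s+)?([A-Za-z_][\w.]*)\s*=\s*(.+?)\s*;?\s*$"
)
STRING_LITERAL_RE = re.compile(r"""^(['"])(.*)\1$""")
CALL_RE = re.compile(r"([A-Za-z_][\w.]*)\s*\(")


@dataclass(frozen=True)
class Assignment:
    """Stand-in for one normalized assignment record from the indexer."""
    line: int
    name: str
    value_kind: str  # "literal" | "call" | "other"
    value: str


def tokenize_identifier(ident: str) -> List[str]:
    """Split a dotted / snake_case / camelCase identifier into lowercase tokens.

    'CryptoJS.TripleDES.encrypt' -> ['crypto', 'js', 'triple', 'des', 'encrypt']
    'allowed.includes'           -> ['allowed', 'includes']  (no 'des' token)
    """
    with_breaks = re.sub(r"(?<=[a-z0-9])(?=[A-Z])", "_", ident)
    return [t.lower() for t in re.split(r"[^A-Za-z0-9]+", with_breaks) if t]


def normalize_assignments(source: str) -> List[Assignment]:
    """Constructed mini-indexer: classify the right-hand side of each assignment."""
    records = []
    for n, raw in enumerate(source.splitlines(), 1):
        m = ASSIGN_RE.match(raw)
        if not m:
            continue
        name, rhs = m.group(1), m.group(2)
        lit = STRING_LITERAL_RE.match(rhs)
        if lit:
            records.append(Assignment(n, name, "literal", lit.group(2)))
        elif CALL_RE.search(rhs):
            records.append(Assignment(n, name, "call", rhs))
        else:
            records.append(Assignment(n, name, "other", rhs))
    return records


def find_hardcoded_secrets(source: str, min_len: int = 8) -> List[Tuple[int, str]]:
    """Fixed behaviour: only string-literal values can be a hardcoded secret.

    A value that comes from a call such as request.headers.get(...) or from an
    environment lookup is not a literal and is never flagged.
    """
    hits = []
    for a in normalize_assignments(source):
        if a.value_kind != "literal" or len(a.value) < min_len:
            continue
        if SECRET_NAME_RE.search(a.name):
            hits.append((a.line, a.name))
    return hits


def find_weak_cipher_calls(source: str, substring_match: bool = False) -> List[Tuple[int, str]]:
    """Token match (fixed) versus substring match (the old, colliding behaviour)."""
    hits = []
    for n, raw in enumerate(source.splitlines(), 1):
        for callee in CALL_RE.findall(raw):
            if substring_match:
                flagged = any(tok in callee.lower() for tok in WEAK_CIPHER_TOKENS)
            else:
                flagged = bool(WEAK_CIPHER_TOKENS & set(tokenize_identifier(callee)))
            if flagged:
                hits.append((n, callee))
    return hits


# Constructed sample source; the secret value is a made-up placeholder.
SAMPLE = """\
api_key = request.headers.get("X-API-Key")
API_KEY = "sk_example_0123456789abcdef"
password = os.environ["DB_PASSWORD"]
token = ""
const cipher = crypto.createCipheriv("aes-256-gcm", key, iv)
const legacy = CryptoJS.TripleDES.encrypt(msg, key)
if (allowed.includes(name)) { deny(name) }
"""

if __name__ == "__main__":
    print("secrets (literal-only):", find_hardcoded_secrets(SAMPLE))
    print("weak cipher (tokens):  ", find_weak_cipher_calls(SAMPLE))
    print("weak cipher (substr):  ", find_weak_cipher_calls(SAMPLE, substring_match=True))
```

Run stand-alone, the token-based pass reports only the `TripleDES` call, while the substring pass additionally reports `allowed.includes`, which is exactly the `crypto-weak-encryption` false positive the PR describes; the secrets pass reports the literal `API_KEY` and skips the header-derived `api_key`.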

@dev-corelift dev-corelift force-pushed the fix-false-positive-rules branch from 5aa7891 to 4c38bc4 on October 29, 2025 20:19


Development

Successfully merging this pull request may close these issues.

False positives in PII/secret/crypto rules after indexer schema update
