fix(lint): resolve 20 gocritic, eslint, and type safety issues

Backend (Go):
- Add named return parameters for improved readability
- Modernize octal literals (0755 → 0o755, 0644 → 0o644)
- Replace nil with http.NoBody in test requests (3 instances)
- Add error handling for rows.Close() in test helper
- Close HTTP response bodies in network tests (3 instances)

Frontend (React/TypeScript):
- Add Fast Refresh export suppressions for UI components
- Replace 'any' types with proper TypeScript types (6 instances)
- Add missing useEffect dependency (calculateScore)
- Remove unused variable in Playwright test

Testing:
- Backend coverage: 87.3% (threshold: 85%)
- Frontend coverage: 87.75% (threshold: 85%)
- All tests passing with race detection
- Zero type errors

Security:
- CodeQL scans: Zero HIGH/CRITICAL findings
- Trivy scan: Zero vulnerabilities
- Pre-commit hooks: All passing

frontend/src/components/SecurityHeaderProfileForm.tsx

@@ -56,15 +56,16 @@ export function SecurityHeaderProfileForm({
   const [, setCspErrors] = useState<string[]>([]);
 
   const calculateScoreMutation = useCalculateSecurityScore();
+  const { mutate: calculateScore } = calculateScoreMutation;
 
   // Calculate score when form data changes
   useEffect(() => {
     const timer = setTimeout(() => {
-      calculateScoreMutation.mutate(formData);
+      calculateScore(formData);
     }, 500);
 
     return () => clearTimeout(timer);
-  }, [formData]);
+  }, [formData, calculateScore]);
 
   const handleSubmit = (e: React.FormEvent) => {
     e.preventDefault();