feat(audit): propagate 5 avoided patterns to sensor rules + Agent 5

[HydraOps-T-rav]

Follow-up to #8377. That PR added 5 new entries to `docs/agents/avoided-patterns.md` and a planner Step 8 self-audit. Per the doc's own "Adding a new avoided pattern" section, the remaining surfaces to wire are:

• `src/sensor_rules.py` (runtime hints on failures)
• `.claude/commands/hf.audit-code.md` Agent 5 (convention-drift sweeps)

This PR does both.

Changes

`src/sensor_rules.py` — 3 new `Rule` entries

id	trigger	fires when
`private-symbol-cross-module`	ErrorPattern(`"_X" is not accessed`, `reportPrivateUsage`)	pyright complains about a private-by-convention name
`logger-format-typeerror`	ErrorPattern(`TypeError: not enough arguments for format string`, etc.)	runtime TypeError from `logger.error(value)` without a format string
`dockerfile-python-constant-drift`	FileChanged(`Dockerfile*`)	any Dockerfile edit — reminds about mirrored Python constants

Skipped for the two patterns that don't map cleanly to error/file triggers:

• "test helper duplicating conftest" — requires diff analysis the sensor runtime doesn't do
• "hardcoded path list mirroring fs state" — same reason

Those remain covered by `avoided-patterns.md` + the planner Step 8 audit + Agent 5 sweep below.

`.claude/commands/hf.audit-code.md` Phase 2 — 5 new detection bullets

Each bullet includes a concrete `rg` heuristic so the audit agent can reliably scan:

• `rg -n "from [a-z_]+ import[^#]*\b_[a-zA-Z]"` → cross-module private imports
• Cross-reference conftest defs vs test-file defs → test-helper duplication
• `rg -n "logger\.(error|warning|info|debug)\(\w+\)"` → logger bare-variable first-arg
• Grep tuple/list literals of paths sharing a parent → hardcoded path drift
• `rg -n "for _[a-z]"` → `_name` loop vars

Test plan

• `make quality` green: 11,038 passed, 0 failures, exit 0.
• 31 existing sensor_enricher tests still pass (rule-count ≥ 5 assertion now sees 8; id-uniqueness holds; every new rule has a `docs/agents/` reference).

🤖 Generated with Claude Code