fix: add pylint, semgrep, and pip-audit to CI pipeline

Problem

Compliance checker shows ❌ for:

• Pylint (Quality & Tools)
• Semgrep (Quality & Tools)
• Dependency Audit (Security)

Fix

• Add pylint to lint stage
• Add semgrep + pip-audit to security stage
• Pre-commit configs are NOT changed