
Add usedforsecurity=False to non-security hashlib calls

MD5 in bambu_mqtt.py is used for AMS tray change detection fingerprinting,
and SHA1 in github_backup.py matches Git's blob hash format. Neither is
used for security purposes, so mark them explicitly to satisfy Bandit B303
and CodeQL py/weak-cryptographic-algorithm findings.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
maziggy 3 months ago
parent
commit
91662d9c5d
2 changed files with 4 additions and 2 deletions
  1. 1 1
      backend/app/services/bambu_mqtt.py
  2. 3 1
      backend/app/services/github_backup.py

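--- a/backend/app/services/bambu_mqtt.py
+++ b/backend/app/services/bambu_mqtt.py
@@ -1053,7 +1053,7 @@ class BambuMQTTClient:
                     f"{ams_unit.get('id')}:{tray.get('id')}:"
                     f"{tray.get('tray_type')}:{tray.get('tag_uid')}:{tray.get('remain')}"
                 )
-        ams_hash = hashlib.md5(":".join(ams_hash_data).encode()).hexdigest()
+        ams_hash = hashlib.md5(":".join(ams_hash_data).encode(), usedforsecurity=False).hexdigest()
 
         # Only trigger callback if AMS data actually changed
         if ams_hash != self._previous_ams_hash: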
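Review bot: The `usedforsecurity` keyword is only accepted by hashlib constructors from Python 3.9 on, so on an older interpreter the new `hashlib.md5(...)` call raises `TypeError`. The same applies to the `hashlib.sha1(...)` call in github_backup.py, so it is worth confirming the backend's minimum supported Python version before merging. The reason MD5 is acceptable here is recorded only in the commit message. A comment above the call such as `# Change-detection fingerprint only; not an integrity or authentication check` would keep a later reader from reusing `ams_hash` where collision resistance matters. The enclosing method starts and ends outside this hunk.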

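--- a/backend/app/services/github_backup.py
+++ b/backend/app/services/github_backup.py
@@ -535,7 +535,9 @@ class GitHubBackupService:
             for path, content in files.items():
                 content_str = json.dumps(content, indent=2, default=str)
                 content_bytes = content_str.encode("utf-8")
-                content_sha = hashlib.sha1(f"blob {len(content_bytes)}\0".encode() + content_bytes).hexdigest()
+                content_sha = hashlib.sha1(
+                    f"blob {len(content_bytes)}\0".encode() + content_bytes, usedforsecurity=False
+                ).hexdigest()
 
                 # Skip if file hasn't changed
                 if path in existing_files and existing_files[path] == content_sha: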
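Review bot: Nothing next to the `hashlib.sha1(` call says that the algorithm is dictated by Git's blob object format, so a later "upgrade to SHA-256" cleanup could quietly break the comparison with `existing_files[path]`, which presumably holds Git blob ids. I would add above the call `# Git blob id: SHA-1 over "blob <len>\0" + content; algorithm is fixed by Git, not a security control`. The skip-if-unchanged decision rests on this match, so the `usedforsecurity=False` label holds only while the backed-up content is the application's own data. That appears to be the case here but is not visible in the hunk. The loop body continues outside the hunk.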