chore(ci): silence false-positive security findings

  - Bandit B108: mark 3 dummy /tmp paths in test fixtures as nosec
  - CodeQL py/ldap-injection: already RFC 4515 escaped via _ldap_escape()
  - CodeQL py/incomplete-url-substring-sanitization: test-only assertions
  - GitGuardian: replace sample passwords with <placeholder> strings in
    notification-template preview data

backend/app/schemas/notification_template.py

@@ -260,14 +260,14 @@ SAMPLE_DATA: dict[str, dict[str, str]] = {
     # User management notifications
     "user_created": {
         "username": "john_doe",
-        "password": "TempPass123!",
+        "password": "<generated-password>",
         "login_url": "https://bambuddy.example.com/login",
         "app_name": "Bambuddy",
         "timestamp": "2024-01-15 14:30",
     },
     "password_reset": {
         "username": "john_doe",
-        "password": "NewPass456!",
+        "password": "<new-password>",
         "login_url": "https://bambuddy.example.com/login",
         "app_name": "Bambuddy",
         "timestamp": "2024-01-15 14:30",