refactor(rules): restructure into common + language-specific directories

* refactor(rules): restructure rules into common + language-specific directories

- Split 8 flat rule files into common/, typescript/, python/, golang/
- common/ contains language-agnostic principles (no code examples)
- typescript/ extracts TS/JS specifics (Zod, Playwright, Prettier hooks, etc.)
- python/ adds Python rules (PEP 8, pytest, black/ruff, bandit)
- golang/ adds Go rules (gofmt, table-driven tests, gosec, functional options)
- Replace deprecated ultrathink with extended thinking documentation
- Add README.md with installation guide and new-language template

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* Fix installation commands for rules

Updated installation instructions to copy all rules to a single directory.

* docs: update README.md to reflect new rules directory structure

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Hor1zonZzz <Hor1zonZzz@users.noreply.github.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

rules/common/security.md

@@ -0,0 +1,29 @@
+# Security Guidelines
+
+## Mandatory Security Checks
+
+Before ANY commit:
+- [ ] No hardcoded secrets (API keys, passwords, tokens)
+- [ ] All user inputs validated
+- [ ] SQL injection prevention (parameterized queries)
+- [ ] XSS prevention (sanitized HTML)
+- [ ] CSRF protection enabled
+- [ ] Authentication/authorization verified
+- [ ] Rate limiting on all endpoints
+- [ ] Error messages don't leak sensitive data
+
+## Secret Management
+
+- NEVER hardcode secrets in source code
+- ALWAYS use environment variables or a secret manager
+- Validate that required secrets are present at startup
+- Rotate any secrets that may have been exposed
+
+## Security Response Protocol
+
+If security issue found:
+1. STOP immediately
+2. Use **security-reviewer** agent
+3. Fix CRITICAL issues before continuing
+4. Rotate any exposed secrets
+5. Review entire codebase for similar issues