feat(config-audit): HKV flags verbose hook output (v5 M5) [skip-docs]

Static heuristic — counts console.log / process.stdout.write lines per
referenced hook script. > 50 → low CA-HKV-NNN finding.

New fixtures:
- hooks-verbose/ (61 verbose lines → triggers)
- hooks-quiet/ (5 lines → no finding)

580 → 582 tests, all green.

plugins/config-audit/tests/fixtures/hooks-quiet/hooks/hooks.json

@@ -0,0 +1,7 @@
+{
+  "hooks": {
+    "PreToolUse": [
+      { "matcher": "Bash", "hooks": [{ "type": "command", "command": "node ./scripts/quiet.mjs", "timeout": 5000 }] }
+    ]
+  }
+}

plugins/config-audit/tests/fixtures/hooks-quiet/hooks/scripts/quiet.mjs

@@ -0,0 +1,7 @@
+#!/usr/bin/env node
+// Quiet hook
+console.log("step 0");
+console.log("step 1");
+console.log("step 2");
+console.log("step 3");
+console.log("step 4");

plugins/config-audit/tests/fixtures/hooks-verbose/hooks/hooks.json

@@ -0,0 +1,7 @@
+{
+  "hooks": {
+    "PreToolUse": [
+      { "matcher": "Bash", "hooks": [{ "type": "command", "command": "node ./scripts/loud.mjs", "timeout": 5000 }] }
+    ]
+  }
+}

plugins/config-audit/tests/fixtures/hooks-verbose/hooks/scripts/loud.mjs

@@ -0,0 +1,64 @@
+#!/usr/bin/env node
+// Verbose hook for v5 M5 fixture
+console.log("step 0");
+console.log("step 1");
+console.log("step 2");
+console.log("step 3");
+console.log("step 4");
+console.log("step 5");
+console.log("step 6");
+console.log("step 7");
+console.log("step 8");
+console.log("step 9");
+console.log("step 10");
+console.log("step 11");
+console.log("step 12");
+console.log("step 13");
+console.log("step 14");
+console.log("step 15");
+console.log("step 16");
+console.log("step 17");
+console.log("step 18");
+console.log("step 19");
+console.log("step 20");
+console.log("step 21");
+console.log("step 22");
+console.log("step 23");
+console.log("step 24");
+console.log("step 25");
+console.log("step 26");
+console.log("step 27");
+console.log("step 28");
+console.log("step 29");
+console.log("step 30");
+console.log("step 31");
+console.log("step 32");
+console.log("step 33");
+console.log("step 34");
+console.log("step 35");
+console.log("step 36");
+console.log("step 37");
+console.log("step 38");
+console.log("step 39");
+console.log("step 40");
+console.log("step 41");
+console.log("step 42");
+console.log("step 43");
+console.log("step 44");
+console.log("step 45");
+console.log("step 46");
+console.log("step 47");
+console.log("step 48");
+console.log("step 49");
+console.log("step 50");
+console.log("step 51");
+console.log("step 52");
+console.log("step 53");
+console.log("step 54");
+console.log("step 55");
+console.log("step 56");
+console.log("step 57");
+console.log("step 58");
+console.log("step 59");
+process.stdout.write("trailing
+");