Add audit reports, fix local run shim/entrypoint, mount root API routes, and include report limitation note

[Spbd1]

Motivation

• Provide a strict production, research, and usability audit of the project and capture remaining release risks in repository files.
• Ensure the repo can be installed and the backend started locally via the documented uvicorn command so HTTP smoke tests and the Chrome-friendly dashboard can be exercised.
• Improve safety of downstream exports by ensuring reports include an explicit limitations note.

Description

• Add a route-dispatching uvicorn shim and console entry-point support so uvicorn backend.app.main:app is available after editable install (uvicorn/__init__.py, build_backend.py).
• Mount taxonomy, taxonomy-workbench, and settings routers at root paths in addition to /api so endpoints like /taxonomy, /taxonomy-workbench/coverage, and /settings/model-providers are reachable (changes in backend/app/main.py).
• Centralize and include a LIMITATIONS_NOTE across JSON, Markdown, and HTML report exporters so generated reports contain the same limitations text (engine/argument_risk_engine/reports/json_export.py, .../markdown.py, .../html.py).
• Add a comprehensive set of audit documents to the repo summarizing verification, remaining issues, prioritized fixes, and a final release checklist (AUDIT_REPORT.md, PRIORITIZED_FIXES.md, TAXONOMY_IMPORT_EXPORT_REPORT.md, DASHBOARD_USABILITY_REPORT.md, MODEL_PROVIDER_SECURITY_REPORT.md, FALSE_POSITIVE_RISKS.md, FINAL_RELEASE_CHECKLIST.md).

Testing

• pip install -e .[dev] — PASS (editable install completed).
• python -m compileall backend engine tests uvicorn build_backend.py — PASS (modules compiled).
• pytest — PASS (42 passed, 4 collection warnings from the local FastAPI test-client shim).
• Frontend: cd frontend && npm install and cd frontend && npm run build — PASS (build produced dist/).
• Lint: python -m ruff check ... --fix run and reported fixed import ordering for the shim — PASS.
• Backend run & HTTP smoke checks: started uvicorn backend.app.main:app --reload --port 8002 and exercised GET /health, POST /analyze, GET /taxonomy, GET /taxonomy-workbench/coverage, GET /taxonomy-workbench/quality-report, GET /settings/model-providers, provider test, POST /evaluation/run, and POST /reports/from-analysis; endpoints responded as expected (quality report endpoint returned ok: false and the evaluation run surfacing a high false-positive rate was observed and recorded in the audit).
• Taxonomy workbook round-trip: python scripts/export_taxonomy_excel.py /tmp/are-taxonomy-audit.xlsx and importing into a temporary root via import_workbook(...) — PASS mechanically; import validation reported errors/warnings which are documented as unresolved high-priority items.
• Chrome/interactive frontend verification: NOT RUN because no Chrome/Chromium binary was available in the environment; this is documented in the usability report.

---

Codex Task