Remove unused FluentValidation dependency from Application project

[Chris0Jeky]

Summary

• Remove the unused FluentValidation (v12.1.1) PackageReference from Taskdeck.Application.csproj
• No source files in the backend import FluentValidation namespaces, so the package was dead weight

Fixes #950

Test plan

• Grep confirms zero using FluentValidation imports across all backend .cs files
• dotnet build backend/Taskdeck.sln -c Release succeeds with 0 errors
• dotnet test backend/Taskdeck.sln -c Release -m:1 passes all tests (0 failures)

[Chris0Jeky]

Self-review: no findings. The package was confirmed unused — no source files import FluentValidation namespaces and the build/tests pass cleanly.

Adversarial checks performed:

• grep -r "using FluentValidation" across all backend .cs files: zero matches
• No other .csproj in the solution references FluentValidation (no transitive consumer)
• The only remaining mentions of FluentValidation are in documentation/audit files (not code)
• Full solution build: 0 errors
• Full test suite: 0 failures across all test projects (Domain, Application, Api, Cli, Architecture, Integration)

[gemini-code-assist]

Code Review

This pull request removes the FluentValidation package dependency from the Taskdeck.Application project. I have no feedback to provide.

[Chris0Jeky]

Independent Adversarial Review (Round 2)

Findings

1. INFO -- Diff scope is minimal and correct. The PR removes exactly one line: <PackageReference Include="FluentValidation" Version="12.1.1" /> from Taskdeck.Application.csproj. No other lines in the csproj were touched; all remaining package references (BCrypt.Net-Next, Microsoft.Extensions.Logging.Abstractions, Microsoft.IdentityModel.Tokens, System.IdentityModel.Tokens.Jwt, YamlDotNet) are intact.

2. INFO -- No code references FluentValidation. Searched all .cs files across the entire repository for: FluentValidation, AbstractValidator, IRuleBuilder, RuleFor, RuleForEach, AddValidatorsFromAssembly, AddFluentValidation, FluentValidationAutoValidation, and using FluentValidation. Zero matches in any source file.

3. INFO -- No transitive dependency risk. No other .csproj file in the solution (including test projects) references FluentValidation. No NuGet package in the dependency graph requires FluentValidation as a transitive dependency.

4. INFO -- Existing .Validate() calls are custom, not FluentValidation. The codebase has Validate() method calls in StarterPackManifestValidator, SsrfProtectionService, and CaptureTriageOutputContract -- all are hand-written validation logic with no dependency on the FluentValidation library.

5. LOW -- AUDIT.md still lists FluentValidation as a finding. docs/AUDIT.md line 71 has: | LOW | FluentValidation referenced but no validators found | .csproj |. This PR directly resolves that audit finding. Consider marking it as resolved in a follow-up cleanup, though this is not a blocker.

6. INFO -- Gemini Code Assist review is clean. Bot review found no issues.

CI Status

All 15 CI checks PASS:

• Backend Unit (ubuntu + windows): pass
• API Integration (ubuntu + windows): pass
• Backend Architecture: pass
• Frontend Unit (ubuntu + windows): pass
• E2E Smoke: pass
• Container Images: pass
• Migration Validation: pass
• Docs Governance: pass
• CodeQL + Code Analysis (csharp, javascript-typescript, actions): pass

Gitleaks is not listed in this PR's checks. The pre-existing Gitleaks workflow issue (affecting all PRs) does not apply here.

Verdict

APPROVE -- This is a clean, single-line dependency removal. The package was genuinely unused (confirmed independently via exhaustive code search). No hidden references, no transitive dependency risks, no accidental collateral changes. CI is fully green. Safe to merge.