chore: add linting-full workflow and pre-commit gate

[crivetimihai]

Summary

• add a dedicated linting-full workflow in GitHub Actions
• add linting-* Make targets for additional tooling and keep linting-full limited to passing gates
• run make pre-commit in linting-full
• harden make pre-commit execution for local/CI reliability with deterministic cache/env setup
• update pre-commit source-placeholder rule exclusions for Python files
• fix executable mode for scripts/license_checker.py

Partially addresses #2383

[crivetimihai]

Progress update for this PR (and #2383)

Implemented in this branch so far:

• Added dedicated linting-full workflow (.github/workflows/linting-full.yml) running:
  • make --no-print-directory pre-commit
  • make --no-print-directory linting-full
• Fixed make pre-commit bootstrap in pipless CI environments.
• Added/standardized linting-* Makefile targets for selected tooling.
• Fixed Helm unittest plugin install compatibility (handles Helm verify behavior, including --verify=false when supported).
• Added targeted pre-commit excludes for current false positives in plugins_rust/secrets_detection/* paths.
• Resolved current Go gosec findings across discovered Go modules and enforced linting-go-gosec in LINTING_FULL_TARGETS.

Current status:

• make --no-print-directory pre-commit passes
• make --no-print-directory linting-full passes

What’s left / next (based on latest local matrix run):

Likely next to enforce:

1. linting-security-checkov (currently 6 findings, mostly workflow permissions/workflow_dispatch policy)
2. linting-docs-markdown-links (3 localhost links)
3. linting-docs-codespell (typo backlog + allowlist decisions)

Not gate-ready yet (larger backlog):

• linting-workflow-zizmor
• linting-security-kube-linter
• linting-security-trufflehog
• linting-python-fixit
• linting-python-xenon
• linting-python-refurb
• linting-python-darglint