
Commit 9e91804

lucasc017 and claude authored
[AAP-71476] Fix SonarCloud reliability and security issues (#989)
## Summary

- Remove duplicate `id` attributes from inline SVGs in JWT consumer redirect page (63 reliability issues)
- Replace `[` / `test` with `[[` in shell scripts for safer conditionals (6 reliability issues)
- Replace `permissions: read-all` with specific scopes in SonarCloud workflow (1 security vulnerability)
- Pass secrets via `env:` block instead of command line in CI workflow (1 security hotspot)

Additionally, the following were reviewed and resolved in the SonarCloud UI:

- 5 security vulnerabilities marked as accepted risk (loosely-pinned dev deps, Poetry source builds)
- 1 security vulnerability marked as won't fix (dev-only hard-coded password in test_app)
- 3 security hotspots marked as safe (dev Postgres password, internal dvcs-action@devel, Google Fonts SRI incompatibility)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

## Summary by CodeRabbit

* **Chores**
  * Safer CI credential handling and quieter test-report uploads.
  * Reduced workflow permissions to follow least-privilege principles.
* **Style**
  * Simplified embedded SVG markup in redirect pages while preserving visuals.
  * Modernized shell script conditionals for consistency and maintainability.

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent d4ea85e commit 9e91804

5 files changed

Lines changed: 88 additions & 82 deletions


.github/workflows/ci.yml

Lines changed: 4 additions & 1 deletion
@@ -95,9 +95,12 @@ jobs:
9595
if: matrix.tests.junit-xml-upload && github.event_name == 'push' && github.repository == 'ansible/django-ansible-base' && github.ref_name == 'devel'
9696
continue-on-error: true
9797
run: >-
98-
curl -v --user "${{ vars.PDE_ORG_RESULTS_AGGREGATOR_UPLOAD_USER }}:${{ secrets.PDE_ORG_RESULTS_UPLOAD_PASSWORD }}"
98+
curl --silent --show-error --user "$PDE_UPLOAD_USER:$PDE_UPLOAD_PASSWORD"
9999
--form "xunit_xml=@django-ansible-base-test-results.xml"
100100
--form "component_name=django-ansible-base"
101101
--form "git_commit_sha=${{ github.sha }}"
102102
--form "git_repository_url=https://github.com/${{ github.repository }}"
103103
"${{ vars.PDE_ORG_RESULTS_AGGREGATOR_UPLOAD_URL }}/api/results/upload/"
104+
env:
105+
PDE_UPLOAD_USER: ${{ vars.PDE_ORG_RESULTS_AGGREGATOR_UPLOAD_USER }}
106+
PDE_UPLOAD_PASSWORD: ${{ secrets.PDE_ORG_RESULTS_UPLOAD_PASSWORD }}
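Review bot: moving the credentials into `env:` keeps them out of the workflow's rendered run script, but the shell still expands `"$PDE_UPLOAD_USER:$PDE_UPLOAD_PASSWORD"` into curl's argument list, so the password remains visible in the runner's process table for the duration of the upload; if the hotspot being addressed is the command line itself, pass the credential through `--netrc-file` or a `--config` file read from stdin instead. Dropping `-v` is the change that actually stops the `Authorization` header from being echoed into the job log, which the `env:` move alone would not prevent, and that reason deserves a comment next to the step so the flag is not reintroduced during debugging. Since `--silent` also hides HTTP error statuses, consider adding `--fail-with-body` so a rejected upload is still recorded as a failed step (the existing `continue-on-error: true` keeps it from blocking the job).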

.github/workflows/sonar-pr.yml

Lines changed: 4 additions & 1 deletion
@@ -30,7 +30,10 @@ on:
3030
- CI
3131
types:
3232
- completed
33-
permissions: read-all
33+
permissions:
34+
contents: read
35+
actions: read
36+
pull-requests: read
3437
jobs:
3538
sonar-pr-analysis:
3639
name: SonarCloud PR Analysis
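Review bot: the scoped block is the right least-privilege replacement for `permissions: read-all`, but the hunk gives no indication why `actions: read` is included; since this workflow fires on the CI workflow's `completed` event, that scope is presumably what lets the job fetch artifacts from the triggering run, and a one-line comment above `permissions:` saying so would keep a future cleanup from removing it. Also confirm that the SonarCloud step does not need `pull-requests: write` for PR decoration; if results are posted through the SonarCloud GitHub App rather than `GITHUB_TOKEN`, the read-only set here is sufficient.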
