Run a full security audit of this Go codebase. For each finding rated
HIGH or CRITICAL: spawn a sub-agent using Task to implement the fix
across all affected files (models, handlers, migrations, templates,
tests). Each sub-agent must: 1) write a failing test that reproduces the
vulnerability, 2) implement the fix, 3) run `go test ./...` and `go vet
./...` in a loop until all pass, 4) commit with a message referencing
the finding ID. After all sub-agents complete, generate a summary of
what was fixed and what needs manual review.