
feat: add false-positive filter for remediation commits #18

@Fieldnote-Echo

Description

Problem

Grippy flags remediation changes as new findings. Example from PR #16: updating .secrets.baseline to include a test-data AWS key pattern triggered a HIGH finding — even though the baseline update was the fix for a pre-commit failure on that same test data.

Similarly, adding a trailing newline to scorecard.svg (fixing end-of-file-fixer) was flagged as LOW noise.

The agent is essentially reviewing its own remediation and flagging the fix as a problem.

Scope

  • Detect when a change is a remediation/cleanup commit (baseline updates, pragma additions, linter fixes) vs. introducing new risk
  • Suppress or downgrade findings that are direct consequences of fixing a prior finding
  • Could be prompt-level (teach the agent to recognize remediation patterns) or structural (pre-filter known remediation file patterns before they reach the LLM)

Examples

File                          Finding                             Why it's a false positive
.secrets.baseline             HIGH: AWS key added to baseline     Baseline update is the fix — test data uses a fake sequential key pattern
.github/badges/scorecard.svg  LOW: badge newline normalization    Fix for pre-commit end-of-file-fixer failure

Considerations

  • Touches prompt chain (prompts_data/), possibly schema (schema.py)
  • Need to distinguish "acknowledging a known pattern" from "suppressing a real risk"
  • Could leverage commit message context or diff heuristics (e.g., only .secrets.baseline changed, pragma added on same line)

Originated from PR #16 review.
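As an added example (not code from the Grippy project or from the issue author), here is what the "structural" option from the Scope section could look like: a pre-filter that parses a unified diff and labels each touched file as remediation or review using the heuristics named under Considerations (only the baseline changed, an allowlist pragma appended to an existing line, a trailing-newline-only change). The baseline file name, the `# pragma: allowlist secret` marker text (detect-secrets' convention), the function names and the sample diffs are assumptions; the diffs are constructed for this example.

```python
import re
from dataclasses import dataclass, field

# Assumption: the baseline lives at the repo root under this name. Edits to it
# acknowledge a known pattern rather than introduce a new secret.
REMEDIATION_FILES = {".secrets.baseline"}
# Assumption: the pragma is detect-secrets' "# pragma: allowlist secret".
PRAGMA_RE = re.compile(r"\s*#\s*pragma:\s*allowlist\s+secret\s*$")


@dataclass
class FileDiff:
    path: str
    removed: list = field(default_factory=list)
    added: list = field(default_factory=list)
    missing_newline: bool = False  # saw "\ No newline at end of file"


def parse_unified_diff(text):
    """Minimal git unified-diff parser: one FileDiff per '+++ b/<path>'.
    File headers are only honoured outside hunks, so a removed line that
    happens to start with '--' is not mistaken for a '---' header."""
    files, cur, in_hunk = [], None, False
    for line in text.splitlines():
        if line.startswith("diff --git "):
            in_hunk = False
        elif line.startswith("@@"):
            in_hunk = True
        elif not in_hunk:
            if line.startswith("+++ "):
                path = line[4:].split("\t")[0]
                cur = FileDiff(path[2:] if path.startswith("b/") else path)
                files.append(cur)
        elif line.startswith("\\ No newline"):
            cur.missing_newline = True
        elif line.startswith("+"):
            cur.added.append(line[1:])
        elif line.startswith("-"):
            cur.removed.append(line[1:])
    return files


def classify_file(fd):
    """Return (label, reason); label is 'remediation' or 'review'."""
    if fd.path in REMEDIATION_FILES:
        return "remediation", "baseline update acknowledges a known pattern"
    # end-of-file-fixer: identical content, only the trailing newline differs.
    if fd.missing_newline and fd.removed == fd.added:
        return "remediation", "trailing-newline normalization only"
    # Pragma appended to existing lines: every added line equals a removed
    # line plus the pragma. A pragma on a brand-new line still goes to review.
    if fd.added and len(fd.added) == len(fd.removed) and all(
        PRAGMA_RE.search(a) and PRAGMA_RE.sub("", a).rstrip() == r.rstrip()
        for a, r in zip(fd.added, fd.removed)
    ):
        return "remediation", "allowlist pragma added to existing line(s)"
    return "review", "content change"


def classify_diff(text):
    """Per-file labels plus a commit-level verdict: suppress only when every
    touched file is remediation, so a baseline edit bundled with new code
    is not silently waved through."""
    per_file = {fd.path: classify_file(fd) for fd in parse_unified_diff(text)}
    suppress = bool(per_file) and all(
        label == "remediation" for label, _ in per_file.values()
    )
    return per_file, suppress


# Constructed sample diffs mirroring the issue's two false positives,
# a same-line pragma, and a genuine new-risk change.
BASELINE_DIFF = """diff --git a/.secrets.baseline b/.secrets.baseline
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -10,2 +10,6 @@
   "results": {
+    "tests/fixtures/aws.txt": [
+      {"type": "AWS Access Key",
+       "hashed_secret": "<placeholder-hash>", "line_number": 1}
+    ],
   }
"""
SVG_DIFF = """diff --git a/.github/badges/scorecard.svg b/.github/badges/scorecard.svg
--- a/.github/badges/scorecard.svg
+++ b/.github/badges/scorecard.svg
@@ -1 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg"></svg>
\\ No newline at end of file
+<svg xmlns="http://www.w3.org/2000/svg"></svg>
"""
PRAGMA_DIFF = """diff --git a/tests/test_scan.py b/tests/test_scan.py
--- a/tests/test_scan.py
+++ b/tests/test_scan.py
@@ -3 +3 @@
-FAKE_KEY = "AKIA" + "0" * 16
+FAKE_KEY = "AKIA" + "0" * 16  # pragma: allowlist secret
"""
NEW_RISK_DIFF = """diff --git a/app/config.py b/app/config.py
--- a/app/config.py
+++ b/app/config.py
@@ -1,2 +1,3 @@
 import os
+API_TOKEN = "hardcoded-token-placeholder"
 DEBUG = False
"""

if __name__ == "__main__":
    for name, diff in [("baseline", BASELINE_DIFF), ("svg", SVG_DIFF),
                       ("pragma", PRAGMA_DIFF), ("new-risk", NEW_RISK_DIFF),
                       ("mixed", BASELINE_DIFF + NEW_RISK_DIFF)]:
        print(name, classify_diff(diff))
```

The pre-filter only ever downgrades at the commit level when every file is remediation; anything mixed, or any pragma that arrives on a new line rather than on a line that already existed, still reaches the LLM with the per-file labels attached as context, which is the "acknowledging a known pattern" versus "suppressing a real risk" line the Considerations section asks to keep.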
