Remove real contact numbers from tests and update tooling

- Replace real phone numbers in tests with Ofcom-reserved fictitious
  numbers (447700900xxx range) throughout test suite
- Add SIGNAL_NUMBER to stack.env.example documenting required env var
- Update pre-commit hooks to latest versions (black 26.3.0, isort 8.0.1,
  flake8 7.3.0, djhtml 3.0.10, ripsecrets v0.1.11)
- Add CLAUDE.md with rule prohibiting real contact identifiers in code

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

CLAUDE.md

@@ -0,0 +1,27 @@
+# GIA — Claude Code Rules
+
+## Privacy: No Real Contact Data in Code
+
+**NEVER use real contact identifiers in tests, fixtures, seeds, or any committed file.**
+
+Real contact data includes: phone numbers, JIDs, email addresses, usernames, or any identifier belonging to an actual person in the user's contacts.
+
+### Use fictitious data instead
+
+| Type | Safe fictitious examples |
+|---|---|
+| UK mobile (E.164) | `+447700900001`, `+447700900002` (Ofcom-reserved range 07700 900000–900999) |
+| UK mobile (no +) | `447700900001`, `447700900002` |
+| US phone | `+15550001234`, `+15550009999` (555-0xxx NANP reserved range) |
+| Email | `test@example.com`, `user@example.invalid` |
+| WhatsApp JID | `447700900001@s.whatsapp.net`, `447700900001@g.us` |
+
+### Why this matters
+
+AI coding tools (Copilot, Claude) will reuse any values they see in context. A real number placed in a test becomes training signal and will be suggested in future completions — potentially leaking it further.
+
+### Quick check
+
+Before committing test files, verify no identifier matches a real person:
+- No number outside the reserved fictitious ranges above
+- No name that corresponds to a real contact used as a literal identifier