docs(badge): wire OpenSSF Best Practices project_id 12650 (RAN-46 AC #8)

Board registered the project at bestpractices.dev/projects/12650 in
RAN-46 comment 429464e6. Patches:

- .bestpractices.json: project_id null -> 12650; replaces the
  "registration_blocker" audit field with the live project URL +
  registration date; drops the "auth-blocked" _comment.
- README.md: replaces the placeholder shields.io "pending registration"
  badge with the live bestpractices.dev/projects/12650/badge image and
  links it to the live project page.

This satisfies RAN-46 AC #8 (OpenSSF Best Practices badge present and
rendered in README) and clears the third of the three board-side
gates flagged on RAN-46. Independent of PR #91 (security-stack revert
to OSS-CLI) — both can land in either order.

Author: aksOps

.bestpractices.json

@@ -1,7 +1,7 @@
 {
   "$schema": "https://bestpractices.coreinfrastructure.org/projects.schema.json",
-  "_comment": "OpenSSF Best Practices self-assessment skeleton for RandomCodeSpace/codeiq. The numeric project_id and badge URL are populated by a board admin after registering the project at https://www.bestpractices.dev/ — RAN-46 AC #8 calls this out as auth-blocked. Once the registration is complete, fill `project_id` and re-render the README badge with the resolved URL.",
-  "project_id": null,
+  "_comment": "OpenSSF Best Practices self-assessment for RandomCodeSpace/codeiq. Registered 2026-04-25 by the board (RAN-46 AC #8). Live project page: https://www.bestpractices.dev/projects/12650",
+  "project_id": 12650,
   "name": "codeiq",
   "description": "Deterministic code knowledge graph — scans codebases to map services, endpoints, entities, infrastructure, auth patterns, and framework usage. No AI, pure static analysis.",
   "homepage_url": "https://github.com/RandomCodeSpace/codeiq",
@@ -36,6 +36,7 @@
   "audit": {
     "self_assessment_date": "2026-04-25",
     "self_assessment_author": "TechLead (RAN-46)",
-    "registration_blocker": "https://www.bestpractices.dev/ requires human OAuth/form. Tracked under RAN-46 AC #8."
+    "registered_at": "https://www.bestpractices.dev/projects/12650",
+    "registered_date": "2026-04-25"
   }
 }

README.md

@@ -13,7 +13,7 @@
   <a href="https://sonarcloud.io/summary/overall?id=RandomCodeSpace_codeiq"><img src="https://sonarcloud.io/api/project_badges/measure?project=RandomCodeSpace_codeiq&metric=security_rating" alt="Security"></a>
   <a href="https://sonarcloud.io/summary/overall?id=RandomCodeSpace_codeiq"><img src="https://sonarcloud.io/api/project_badges/measure?project=RandomCodeSpace_codeiq&metric=reliability_rating" alt="Reliability"></a>
   <a href="https://api.securityscorecards.dev/projects/github.com/RandomCodeSpace/codeiq"><img src="https://api.securityscorecards.dev/projects/github.com/RandomCodeSpace/codeiq/badge" alt="OpenSSF Scorecard"></a>
-  <a href="https://www.bestpractices.dev/projects/codeiq"><img src="https://img.shields.io/badge/OpenSSF%20Best%20Practices-pending%20registration-lightgrey?style=flat-square&logo=openssf&logoColor=white" alt="OpenSSF Best Practices (pending registration — RAN-46 AC #8)"></a>
+  <a href="https://www.bestpractices.dev/projects/12650"><img src="https://www.bestpractices.dev/projects/12650/badge" alt="OpenSSF Best Practices"></a>
   <a href="https://github.com/RandomCodeSpace/codeiq"><img src="https://img.shields.io/badge/detectors-97-brightgreen?style=flat-square&logo=codefactor&logoColor=white" alt="97 Detectors"></a>
   <a href="https://github.com/RandomCodeSpace/codeiq"><img src="https://img.shields.io/badge/languages-35%2B-blue?style=flat-square&logo=stackblitz&logoColor=white" alt="35+ Languages"></a>
 </p>