Add WordPress and WooCommerce validation tools for PluginCompass

- Create wordpress-validate.cjs tool for WordPress plugin validation
- Create woocommerce-validate.cjs tool for WooCommerce-specific checks
- Create agent/wordpress.md system prompt for PluginCompass branding
- Update opencode.jsonc to enable new tools and agent configuration

Both tools are token-efficient:
- Success: minimal JSON output (~50 tokens)
- Failure: detailed issues with file paths, line numbers, and suggestions

wordpress-validate checks:
- Forbidden functions (eval, exec, shell_exec, etc.)
- SQL injection vulnerabilities
- XSS vulnerabilities (direct superglobal echo)
- CSRF protection (nonces)
- Capability checks
- Direct file access protection
- Deprecated WordPress functions
- AJAX security
- REST API security
- CSS overlap issues

woocommerce-validate checks:
- HPOS compatibility declaration
- Legacy database access patterns
- Deprecated WooCommerce code
- Version headers (WC tested up to, WC requires at least)
- Database safety (dbDelta usage)
- Blocks compatibility
- Payment gateway implementation
- Shipping method implementation
- AJAX security

All tools follow opencode AGENTS.md coding standards

opencode/.opencode/opencode.jsonc

@@ -12,5 +12,13 @@
   "tools": {
     "github-triage": false,
     "github-pr-search": false,
+    "wordpress-validate": true,
+    "woocommerce-validate": true,
   },
+  "agent": {
+    "wordpress": {
+      "prompt": "agent/wordpress.md",
+      "model": "opencode/kimi-k2.5"
+    }
+  }
 }