…§356 pin tests

Addresses 4 findings from the post-audit 4-eyes review (HIGH H1, H2 + MEDIUM
M5, M8). Stacked onto PR-i18n-2c so the legally load-bearing checkbox label
ships with the rest of the BGB-waiver feature.

H1: BGB-waiver checkbox in pricing.html had an empty msgstr in de.po —
DE-locale customers saw the §356 (5) BGB consent text only in English.
Added the German translation and re-compiled the .mo so /de/pricing now
renders "Ich verzichte auf mein 14-tägiges Widerrufsrecht und stimme
der sofortigen Vertragsausführung gemäß § 356 Abs. 5 BGB zu."

H2: test_pricing_renders_live_buttons_with_waiver_gate_when_stripe_enabled
pinned the structural HTML anchors (`id="pro-waiver"`, `data-target=`)
but not the legal text. A copy-edit could have dropped "§356" or "14-day"
without breaking any test. Added two assertions that fail loudly if either
is removed.

M5: locale/messages.pot and both .po files carried "Project-Id-Version:
FileMorph VERSION" with the Babel placeholder. scripts/i18n.py now reads
the version from pyproject.toml and passes --version=1.0.0 to pybabel
extract; the same value is used by drift-check so headers stay
deterministic.

M8: The waiver-gate test set templates.env.globals["stripe_enabled"] = True
without restoring it. Jinja globals are session-shared across pytest, so
later tests that hit /pricing in Coming-Soon mode could read the leaked
True. Wrapped the assertion block in try/finally that restores the
original value (or pops it if unset).

Verification:
- pytest tests/ -q: 473 passed, 15 skipped
- ruff check . + ruff format --check .: clean
- python scripts/i18n.py drift-check: exit 0
- de.po: 401/401 (100%) translated

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>