feat(instructions): comprehensive update to security, a11y, and performance instructions

## Security (`security-and-owasp.instructions.md`)
- Update OWASP Top 10 from 2021 to **2025** (A03 Supply Chain NEW, A10 Mishandling Exceptions NEW)
- Add 55 anti-patterns with severity, detection regex, OWASP reference, and framework-specific code fixes
- Add AI/LLM security section (prompt injection, output validation)
- Cover 6 frameworks: Next.js, Angular, React, Vue, Express, Go

## Accessibility (`a11y.instructions.md`)
- Add complete WCAG 2.2 AA criteria table (~35 criteria organized by POUR)
- Add 38 anti-patterns with severity, WCAG reference, and code fixes
- Add legal enforcement context (EAA June 2025, ADA Title II April 2026)
- Add WCAG 3.0 forward-looking note
- Cover 4 frameworks: Next.js, Angular, React, Vue

## Performance (`performance-optimization.instructions.md`)
- Add Core Web Vitals sub-metrics (LCP phases, INP phases, CLS sources)
- Add 50 anti-patterns with severity, CWV metric, and code fixes
- Update for Next.js 16 ("use cache", cacheComponents), Angular 20 (zoneless, incremental hydration)
- Add modern APIs: Speculation Rules, View Transitions, Long Animation Frames (LoAF)
- Cover 4 frameworks: Next.js, Angular, React, Vue

Author: gonzafg2