Commit a0ad087

docs(faq): trim Q3 answer — drop "Two layers." opener and Semgrep-compat repeat
Two cleanups to the "What are AST-pattern rules?" answer:

- Removed the meta-framing opener "Two layers." — the two-layer structure (rules + engine) reads clearly from the first two sentences without the heading.
- Removed the duplicate Semgrep/ast-grep compatibility claim. The first sentence already establishes the rule format is shared with Semgrep and ast-grep; the closing clause "the rule format is the same one you'd write for Semgrep or ast-grep" repeats it. Final closing: "When a rule fires on safe code, you refine it directly."

Dropped the obsolete "opens with the two-layer framing" vitest assertion that hard-coded the removed opener. The remaining five assertions still hold — AST-pattern rules, Whole-program taint analysis, AST-pattern matchers, ast-grep, and Semgrep all still appear in the text.
1 parent 281dada commit a0ad087

2 files changed

Lines changed: 1 addition & 5 deletions

src/lib/__tests__/faq.test.ts

Lines changed: 0 additions & 4 deletions
@@ -8,10 +8,6 @@ describe("faq Q3 — AST-pattern rules answer", () => {
88
expect(q3).toBeDefined();
99
});
1010

11-
it("opens with the two-layer framing", () => {
12-
expect(q3?.answer).toMatch(/^Two layers\./);
13-
});
14-
1511
it("names AST-pattern rules as one layer", () => {
1612
expect(q3?.answer).toMatch(/AST-pattern rules/);
1713
});
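
Review bot: With the `/^Two layers\./` test removed, no assertion in this block is anchored to either end of the answer; the surviving checks such as `/AST-pattern rules/` are plain substring matches, so they would still pass if the opener or the duplicated Semgrep/ast-grep closing clause were reintroduced. Consider replacing the deleted test rather than only dropping it, for example one assertion that the answer starts with "AST-pattern rules describe" and one that it ends with "you refine it directly.", so the two cleanups in this commit are guarded against regression.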

src/lib/faq.ts

Lines changed: 1 addition & 1 deletion
@@ -15,7 +15,7 @@ export const faqItems: readonly FaqItem[] = [
1515
},
1616
{
1717
question: "What are AST-pattern rules?",
18-
answer: "Two layers. AST-pattern rules describe the shape of vulnerable code — the same rule format Semgrep and ast-grep use, readable by humans and AI agents alike. Whole-program taint analysis is what reads them: the engine models data flow across the entire program — through function boundaries, fields, async code, and persistence layers — and follows each rule's metavariables as values moving through that flow. AST-pattern matchers stop at the syntactic match; OpenTaint keeps tracing the data through them. When a rule fires on safe code, you refine it directly — the rule format is the same one you'd write for Semgrep or ast-grep.",
18+
answer: "AST-pattern rules describe the shape of vulnerable code — the same rule format Semgrep and ast-grep use, readable by humans and AI agents alike. Whole-program taint analysis is what reads them: the engine models data flow across the entire program — through function boundaries, fields, async code, and persistence layers — and follows each rule's metavariables as values moving through that flow. AST-pattern matchers stop at the syntactic match; OpenTaint keeps tracing the data through them. When a rule fires on safe code, you refine it directly.",
1919
},
2020
{
2121
question: "Why not just use an LLM agent for security scanning?",
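
Review bot: In the new `answer` string the closing sentence "When a rule fires on safe code, you refine it directly." no longer says what is being edited or how, because the clause that followed the dash was the only thing that explained "directly". The shared rule format is stated in the first sentence, but that is four sentences earlier; a short object would keep the ending self-contained without repeating the Semgrep/ast-grep claim, for example "you refine the rule itself." Separately, the answer is still a single very long string literal, which makes one-clause edits like this hard to read in a diff; splitting it across concatenated lines or a template literal would help future reviews.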
