Fix SonarCloud violations

[Takishima]

Summary

This PR fixes multiple SonarCloud violations across the codebase:

Python Code Fixes

• cmake_pc_hooks/_argparse.py: Fixed return type annotation for _load_from_toml method (was None, now correctly argparse.Namespace)
• cmake_pc_hooks/_cmake.py: Reduced cognitive complexity by extracting helper methods (_process_keyword_cmake_args, _process_flag_cmake_args, _process_platform_cmake_args)
• tests/python/_cmake_test.py:
  • Reduced cognitive complexity by extracting test helper functions
  • Renamed InterProcessReaderWriterLock → mock_rw_lock and FileLock → mock_file_lock to follow naming conventions

GitHub Actions Security Fixes

• .github/workflows/pull_request.yml: Use environment variable for PR body instead of direct interpolation to prevent command injection
• .github/workflows/format.yml: Use environment variables for branch names in run commands
• .github/workflows/publish_release.yml: Use environment variables for branch names in run commands
• .github/workflows/draft_release.yml: Added tag format validation step and use environment variable for run commands

Shell Script Fixes

• tests/run_tests.sh:
  • Replaced [ ] with [[ ]] for safer conditional tests
  • Added explicit return statements at end of functions
  • Merged nested if conditions where applicable

Test plan

• All 91 Python tests pass
• CI pipeline passes

[codacy-production]

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation	Diff coverage
✅ +0.00% (target: -0.10%)	✅ 100.00% (target: 70.00%)

Coverage variation details

	Coverable lines	Covered lines	Coverage
Common ancestor commit (31f4f29)	604	604	100.00%
Head commit (0668084)	610 (+6)	610 (+6)	100.00% (+0.00%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details

	Coverable lines	Covered lines	Diff coverage
Pull request (#136)	19	19	100.00%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (31f4f29) to head (0668084).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff            @@
##              main      #136   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           10        10           
  Lines          604       610    +6     
  Branches       101       101           
=========================================
+ Hits           604       610    +6     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.