Sonar Sweep · low-risk desktop and script cleanup

[iurii-izman]

Summary

Close the remaining low-risk Sonar findings that are safe to fix in one pass without destabilizing runtime behavior.

Scope

• shell script smell cleanup in scripts/run_desktop_native_smoke.sh
• JS nesting cleanup in native/desktop test harness files
• small Python hotspot cleanup in helper scripts/modules
• test-only Sonar cleanup (S1186, S3358)
• sync docs/project and re-check Sonar issue list after remote re-analysis

Notes

Local cleanup is implemented and validated with targeted pytest, ruff, docs consistency, and npm --prefix desktop run e2e:release-gate.
The issue stays open until SonarCloud re-analyzes the pushed commit and we confirm the residual backlog.

Out of scope

• broad main.py hotspot refactors unless residual Sonar findings prove they are still necessary
• GTK/Tauri ecosystem dependency refresh for the remaining glib Dependabot alert (tracked separately in Desktop Linux GTK Refresh · resolve remaining glib Dependabot alert #164)

[iurii-izman]

Pushed commit 305149b with the local low-risk Sonar sweep. Local verification is green: targeted pytest (48 passed), ruff, docs consistency, and desktop release gate (27 passed). Waiting for SonarCloud to re-analyze main; after that we can close this issue or triage the true residual backlog.