fix(audit): use LEGACY_PRIVATE_NAMES + LEGACY_PUBLIC_NAMES in audit_no_models_config_io

Per post_module_taxonomy_de_cruft_20260627 Phase 0a (FR1). The audit
script's find_violations() function iterated over 'LEGACY_NAMES' but
only LEGACY_PRIVATE_NAMES + LEGACY_PUBLIC_NAMES were defined (the
single LEGACY_NAMES was split into two in module_taxonomy_refactor
Phase 3b but the function reference wasn't updated). This caused a
NameError that crashed the audit with --strict mode.

The spec claimed the bug was in scripts/generate_type_registry.py but
that was a misdiagnosis. generate_type_registry.py works correctly
(verified: 'Registry in sync (29 files checked)'). The actual bug was
in audit_no_models_config_io.py.

This commit:
 - Updates line 95: 'for pattern, name in LEGACY_NAMES:' ->
   'for pattern, name in LEGACY_PRIVATE_NAMES + LEGACY_PUBLIC_NAMES:'
 - The function now iterates over both legacy name lists (private +
   public), matching the actual variables defined in the file.

Verification: VC3 (audit_no_models_config_io passes --strict)
 uv run python scripts/audit_no_models_config_io.py --strict
 # Output: 'OK - no violations found.'

scripts/audit_no_models_config_io.py

@@ -92,7 +92,7 @@ def find_violations() -> list[dict[str, object]]:
                                 "text": line.rstrip(),
                                 "severity": "error",
                             })
-                    for pattern, name in LEGACY_NAMES:
+                    for pattern, name in LEGACY_PRIVATE_NAMES + LEGACY_PUBLIC_NAMES:
                         if pattern.search(line):
                             violations.append({
                                 "file": path,