Use system Prettier pre-commit hook #21483

Merged: geropl merged 1 commit into main from gpl/precommit-prettier-npx on Jun 12, 2026
@geropl (Member) commented Jun 12, 2026
Description

This PR switches the Prettier pre-commit hook from the remote pre-commit/mirrors-prettier Node hook to a local language: system hook that uses the preinstalled prettier binary.

It also pins dev/npm-tools to Prettier 2.6.2, matching the previous hook version to avoid broad formatting churn, and removes the visible npx blocking stub from the dev image Dockerfiles because that blocking is handled elsewhere.

Related Issue(s)

Fixes CORE-

How to test

  • pre-commit validate-config
  • PATH="/workspace/gitpod/dev/npm-tools/node_modules/.bin:$PATH" pre-commit run prettier --all-files --verbose
  • Commit hook run during git commit passed for the staged changes.

Co-authored-by: Codex <noreply@openai.com>
@geropl deployed to branch-build June 12, 2026 13:33 with GitHub Actions (Active)
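
As an added example (not part of this PR or the repository's own code): a `language: system` hook runs whatever `prettier` resolves to on PATH, so a guard like this can confirm the binary matches the 2.6.2 pin from the description before the hook runs. The names `check_prettier_pin` and `PINNED_PRETTIER_VERSION` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not from the PR: verify the prettier binary that a
# `language: system` pre-commit hook would execute matches the pin.

# Pinned version as stated in the PR description.
PINNED_PRETTIER_VERSION="2.6.2"

# check_prettier_pin [expected_version]
# Exit status: 0 = match, 1 = version mismatch, 2 = prettier not on PATH.
check_prettier_pin() {
  local expected="${1:-$PINNED_PRETTIER_VERSION}"
  local bin actual

  # Resolve the binary the same way the hook will: first hit on PATH.
  if ! bin="$(command -v prettier)"; then
    echo "prettier not found on PATH" >&2
    return 2
  fi

  # `prettier --version` prints the bare version string.
  actual="$("$bin" --version 2>/dev/null | head -n1 | tr -d '[:space:]')"

  if [ "$actual" != "$expected" ]; then
    echo "prettier at $bin is '$actual', expected '$expected'" >&2
    return 1
  fi

  # Print the resolved path so reviewers can see which install was used.
  echo "prettier $actual at $bin"
}
```

Calling it with the same PATH prefix used in the test steps shows which install wins when more than one Prettier is present.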
@socket-security


Review the following changes in direct dependencies. Learn more about Socket for GitHub.

| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
|---|---|---|---|---|---|---|
| Updated | npm/prettier@3.7.4 ⏵ 2.6.2 | 97 (-1) | 100 | 98 (+1) | 96 | 100 |

View full report

@ona-integrations


Reviewed the changes. Implementation looks solid: good code quality and consistency with established patterns (the migration to a repo: local / language: system Prettier hook matches the local-hook convention already used elsewhere, and the Prettier version pin to 2.6.2 is intentional to avoid formatting churn). No significant concerns.

Documentation review ran in docs-drift mode for this code-only change and found no required doc updates (drift risk: low).

Low-risk determination: Escalate to human review
This change does not meet all low-risk criteria or has review findings requiring human attention before merge.

  • Size: pass — additions 11 + deletions 26 = 37 total changed lines, far below the 1,000-line threshold.
  • Protobuf: pass — no .proto files added or modified.
  • Database migrations: pass — no migration files added or modified.
  • Infrastructure/CI: fail — modifies .devcontainer/Dockerfile and dev/image/Dockerfile, which are dev/devcontainer image build (platform) configuration. This also removes the npx-blocking security-hardening control from both images; the PR states the blocking is "handled elsewhere", but that replacement could not be verified, so the security-posture change needs human confirmation.
  • Auth and authorisation: pass — no authentication, authorisation, RBAC, roles, permissions, scopes, policies, guards, ACLs, route protection, or session handling logic is changed.
  • Audit logging and monitoring: pass — no audit logging, monitoring, metrics, tracing, alerting, or observability configuration is affected.

@ona-integrations (bot) added the human-review-required label (Ona code review: escalated for human review; does not meet low-risk auto-approval criteria) Jun 12, 2026
@geropl marked this pull request as ready for review June 12, 2026 13:51
@geropl enabled auto-merge (squash) June 12, 2026 13:55
@geropl merged commit 61df71c into main Jun 12, 2026
14 checks passed
@geropl deleted the gpl/precommit-prettier-npx branch June 12, 2026 13:55