Commit 45c2ff0

fix(ci): update the correct detect-secrets baseline + UTF-8-safe YAML reader
secrets-supply-chain (root cause: wrong baseline file in prior fix): CI invokes 'detect-secrets-hook --baseline .github/detect-secrets.baseline' (verified in .github/workflows/pr-gate.yml:456). The previous fix updated .secrets.baseline (used by the local pre-commit hook), which CI ignores. Regenerated .github/detect-secrets.baseline with the 4 frozen-artefact JSON files recorded as known-acceptable Hex High Entropy String findings (PARAMETER_LOCK.json, SOURCE_HASHES.json, daily/*/run_manifest.json, wave1_fx/universe.json). Baseline count 6 -> 91. Both .secrets.baseline and .github/detect-secrets.baseline now stay consistent.

python-fast-tests (UnicodeDecodeError in test_combo_v1_fx_wave1_rejected): scripts/registry_validator.py:load_registry opened the YAML file without an explicit encoding. On the GitHub-hosted runner the default C.UTF-8 / ASCII locale caused a UnicodeDecodeError on the em-dashes ('—', 0xE2 0x80 0x94) in the YAML comments. Added explicit 'encoding="utf-8"' to the open() call.

SOURCE_HASHES.json regenerated to reflect the registry_validator.py byte-change above.

No signal logic touched. No parameter modified. No evidence CSV edited. combo_v1 closure intact.
1 parent 2882850 commit 45c2ff0

3 files changed

Lines changed: 14192 additions & 86 deletions
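
The root cause described in the commit message above was two detect-secrets baselines drifting apart. As an added example (not part of this commit or its repository), the check below compares two baselines by finding identity and reports entries recorded in only one of them. The sample baselines, their hash values and version string are constructed, and the helper names `findings` and `baseline_drift` are hypothetical.

```python
import json
import sys

def load_baseline(path):
    # Explicit encoding: never depend on the runner's locale default.
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)

def findings(baseline):
    """Flatten 'results' into (filename, type, hashed_secret) tuples.

    line_number is left out on purpose: it shifts with unrelated edits.
    """
    return {
        (filename, item["type"], item["hashed_secret"])
        for filename, items in baseline.get("results", {}).items()
        for item in items
    }

def baseline_drift(local, ci):
    """Return the findings recorded in only one of the two baselines."""
    a, b = findings(local), findings(ci)
    return {"only_local": sorted(a - b), "only_ci": sorted(b - a)}

# Constructed sample data (hash values are placeholders, not real findings).
HEX = "Hex High Entropy String"
SAMPLE_LOCAL = {"version": "1.4.0", "results": {
    "PARAMETER_LOCK.json": [{"type": HEX, "hashed_secret": "a" * 40, "line_number": 3}],
    "SOURCE_HASHES.json": [{"type": HEX, "hashed_secret": "b" * 40, "line_number": 7}],
}}
SAMPLE_CI = {"version": "1.4.0", "results": {
    "PARAMETER_LOCK.json": [{"type": HEX, "hashed_secret": "a" * 40, "line_number": 5}],
}}

if __name__ == "__main__":
    if len(sys.argv) == 3:
        local, ci = load_baseline(sys.argv[1]), load_baseline(sys.argv[2])
    else:
        local, ci = SAMPLE_LOCAL, SAMPLE_CI
    drift = baseline_drift(local, ci)
    for side, items in drift.items():
        for filename, kind, digest in items:
            print(f"{side}: {filename} [{kind}] {digest[:8]}")
    sys.exit(1 if any(drift.values()) else 0)
```

Run with the two baseline paths as arguments in a CI step; a non-zero exit means one baseline accepts findings the other does not.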
