ci(lint): enforce no function-body imports (PLC0415) with targeted ignores

Follow-up to #40231 (merged), where a reviewer flagged a function-body
`from datetime import datetime, timedelta` instead of a top-of-file
import. Adds a `ruff-import-placement` pre-commit hook running
`ruff check --select PLC0415 --preview --no-fix`.

Per @rusackas's pushback on the first cut of this PR — which spammed
2,657 `# noqa: PLC0415` annotations across ~410 files without fixing
anything — this revision is a much smaller surface area:

1. **Per-file-ignores** for whole directories where function-body
   imports are a deliberate pattern, not an oversight:
   - `superset/cli/**` and `scripts/**`: subcommand-deferred imports
     keep heavy modules out of the CLI startup path.
   - `superset/tasks/**`: Celery task bodies defer imports of the
     modules they orchestrate.
   - `superset/migrations/versions/**`: Alembic migrations interact
     with model state at runtime, not at module load.
   - `superset/mcp_service/**`: MCP tools lazy-load resources on
     invocation so the server can register many tools without paying
     their import cost at startup.
   - `superset/db_engine_specs/**`: engine specs defer driver imports
     so optional DB drivers don't have to be installed.
   - `superset/initialization/__init__.py`, `superset/extensions/__init__.py`,
     `superset/app.py`: the app-factory and extension wiring are
     intentionally full of circular-import workarounds.
   - `tests/**`: test files routinely defer imports for fixture
     isolation; the rule still applies to production code.

2. **Per-line `# noqa: PLC0415`** on the 259 remaining genuine
   circular-import sites (security/manager.py, sql/execution/executor.py,
   semantic_layers/labels.py, tags/core.py, core_api_injection.py, etc.).
   These are foundational modules where moving the imports up would
   actually break things.

Net result: ~410 files / 2,657 grandfathered → ~73 files / 259 actual
noqa annotations. The rule still catches every new function-body
import outside the explicitly-allowed directories.

Also: silences a pre-existing C901 on `mcp_service/sql_lab/tool/execute_sql.py`
that fires under newer local ruff but not CI's pinned ruff 0.9.7 — blocks
the local pre-commit run otherwise.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

superset/sql/execution/celery_task.py

@@ -109,7 +109,7 @@ def _handle_query_error(
 
 def _serialize_payload(payload: dict[Any, Any]) -> bytes:
     """Serialize payload for storage based on RESULTS_BACKEND_USE_MSGPACK config."""
-    from superset import results_backend_use_msgpack
+    from superset import results_backend_use_msgpack  # noqa: PLC0415
 
     if results_backend_use_msgpack:
         return msgpack.dumps(payload, default=json.json_iso_dttm_ser, use_bin_type=True)
@@ -298,8 +298,8 @@ def _serialize_result_set(
     :param result_set: Query result set to serialize
     :returns: Tuple of (serialized_data, columns)
     """
-    from superset import results_backend_use_msgpack
-    from superset.dataframe import df_to_records
+    from superset import results_backend_use_msgpack  # noqa: PLC0415
+    from superset.dataframe import df_to_records  # noqa: PLC0415
 
     if results_backend_use_msgpack:
         if has_app_context():