Fix the Q Developer rules

Author: poad

.amazonq/rules/review-rules.md

@@ -3,22 +3,12 @@
 - Comments should be provided in Japanese by default, while maintaining English-based technical analysis to ensure review quality.
 - When you find a problem, suggest a solution.
 - If you find a problem that is not in the code, point it out.
+
+## Security review
+
 - Always evaluate security implications of code changes.
 - Check for potential vulnerabilities and secure coding practices.
-- Check for hardcoded credentials, API keys, and sensitive data
 - Verify no hardcoded credentials or secrets
 - Ensure proper input validation and sanitization
 - Check dependencies for known vulnerabilities
-- Verify proper input validation and sanitization
-- Ensure secure communication protocols (HTTPS, TLS)
-- Review permission and access control implementations
-- Check for proper error handling of security-related operations
-- Validate secure storage of sensitive data
-- Check for proper WebView configuration.
-- Secure data storage using Android Keystore, and safe handling of Intent data.
-- Since this is a Device Flow client, please verify OAuth 2.0 Device Flow-specific security considerations.
-  - Ensure that proper PKCE implementation is in place
-  - Ensure that secure token handling is implemented
-  - Ensure that state verification is performed
-  - Verify secure random number generation for state and PKCE values
-  - Check for proper timing attack mitigations in token comparisons
+  - Use GitHub Dependabot alerts and `pnpm audit`