fix(vendor): Add max length validation to update_vendor_agent_notes()

[Jean-Regis-M]

Summary

Adds input validation to update_vendor_agent_notes() to enforce a 10,000 character limit on agent_notes, matching the fix in #165 for the similar issue with invoice notes.

Problem

The update_vendor_agent_notes function currently accepts arbitrarily long notes (tested up to 10,001 characters). This allows unbounded growth of the agent_notes field, which is included in get_vendor_risk_profile responses, leading to payload bloat and potential performance issues in risk assessment calls.

Solution

• Added a MAX_NOTES_LENGTH = 10_000 constant
• Added validation before concatenating with existing notes
• Raises ValueError with a clear message when input exceeds the limit
• Updated the function docstring to document the exception

Impact

• Prevents database record bloat from oversized notes
• Reduces risk of API response size inflation in get_vendor_risk_profile
• Aligns vendor notes validation with the recently fixed invoice notes validation (Bug_054_EVALUATE: Test Case VND-NOTES-008 — update_vendor_agent_notes has no maximum length limit on notes #165 )
• Zero impact on existing valid use cases

Testing

• Verified test_vnd_notes_008 now passes (previously failed)
• Verified test_vnd_notes_001 and test_vnd_notes_003 still pass (no regressions)