Missed detection: unchecked as type cast in JSON response parsing #10

@CodeDeficient

Bug Description

KarpeSlop --quiet --strict did not flag an unchecked as type cast used on a response.json() result.

Example

const data = (await response.json()) as PhotonResponse;

This is an unsafe assertion — if the API returns unexpected data, the as cast silently assigns an incorrect type. There is no runtime validation.

A second variant with an inline interface was also missed:

const data = (await response.json()) as {
  type: string;
  features: Array<{...}>;
};

Where Found

  • lib/utils/geocoding/photon.ts:96: as PhotonResponse
  • lib/utils/geocoding.ts:212: as { type: string; features: Array<{...}> }

Expected Behavior

KarpeSlop should flag as T casts where T is a complex object type (interface or inline object literal) applied to response.json() or fetch().json() results, since these are inherently unknown at runtime.

Suggested Fix

Add a detection rule for as casts where:

  1. The LHS is await response.json() or similar json() call
  2. The RHS is an interface or inline object literal type

This pattern is a common AI-generated anti-pattern — it creates a false sense of type safety.

Proposed KarpeSlop Rule

AXE-3 (Type Safety): unsafe-json-cast — detect as T casts on json() return values where T is not unknown.
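
A minimal sketch of the proposed unsafe-json-cast check, added here as an example; it is not KarpeSlop's own code or rule engine. The function name, the regular expression and the sample source are assumptions, and reporting `as unknown as T` goes one step beyond the rule as written above.

```typescript
// Added example: a heuristic text scan, not KarpeSlop's implementation.
type Finding = { line: number; castTo: string; rule: string };

// ".json()" + optional closing parens/whitespace + "as" + the target type.
// An optional "unknown as" prefix is consumed so that a double cast
// (json() as unknown as T) is reported against T. That is an assumption:
// the issue only specifies "T is not unknown".
const JSON_CAST =
  /\.json\(\s*\)[\s)]*\bas\s+(?:unknown\s+as\s+)?([A-Za-z_$][\w$.]*|\{)/;

function findUnsafeJsonCasts(source: string): Finding[] {
  const findings: Finding[] = [];
  // Fresh global regex per call so lastIndex state never leaks between scans.
  const re = new RegExp(JSON_CAST.source, "g");
  let m: RegExpExecArray | null;
  while ((m = re.exec(source)) !== null) {
    const target = m[1] ?? "";
    // `as unknown` forces the caller to narrow before use, so it is allowed.
    if (target === "unknown") continue;
    // 1-based line of the .json() call that is being cast.
    const line = source.slice(0, m.index).split("\n").length;
    findings.push({
      line,
      castTo: target === "{" ? "inline object type" : target,
      rule: "unsafe-json-cast",
    });
  }
  return findings;
}

// Constructed sample input; lines 1 and 2 mirror the two variants in this issue.
const SAMPLE = [
  "const a = (await response.json()) as PhotonResponse;",
  "const b = (await response.json()) as {",
  "  type: string;",
  "};",
  "const c = (await response.json()) as unknown;",
  "const d = (await res.json()) as unknown as PhotonResponse;",
  "const e: unknown = await response.json();",
].join("\n");

console.log(findUnsafeJsonCasts(SAMPLE));
```

Because this scans text rather than an AST, it also matches inside comments and string literals and does not follow a json() result that is stored in a variable and cast later.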
