security: strip absolute paths leaking dev machine + private monorepo

T.6 post-publish audit caught two leaks in the published artefacts:

1. `conversion_report.json` (4 hits on both HF and GitHub) exposed
   absolute paths from the build machine:
       "safetensors": "/Users/transcrilive/MLX_CONVERTOR/sub-projects/supertonic3-mlx/hf_release/weights/X.safetensors"
       "onnx":        "/tmp/supertonic3/model/onnx/X.onnx"
   This revealed the dev Mac's username (transcrilive) + the private
   monorepo name (MLX_CONVERTOR) + the internal sub-projects layout.

2. `src/supertonic_3_mlx/pipeline.py` docstring (1 hit) had a
   from_pretrained example pointing at /tmp/supertonic3/model.

Fixes:
- conversion_report.json regenerated with basenames only
  ("vector_estimator.onnx" / "weights/vector_estimator.safetensors")
- pipeline.py docstring example updated to use the canonical Hub repo id
- the upstream converter tool (in the dev monorepo) patched so future
  regenerations of the report don't reintroduce the leak

No tokens, credentials, or keys were ever exposed; tokens are kept only
in env vars / keyrings and never enter the published artefacts.

conversion_report.json

@@ -2,8 +2,8 @@
   "models": [
     {
       "model": "VectorEstimator",
-      "onnx": "/tmp/supertonic3/model/onnx/vector_estimator.onnx",
-      "safetensors": "/Users/transcrilive/MLX_CONVERTOR/sub-projects/supertonic3-mlx/hf_release/weights/vector_estimator.safetensors",
+      "onnx": "vector_estimator.onnx",
+      "safetensors": "weights/vector_estimator.safetensors",
       "bytes": 256053073,
       "sha256": "2359240f2dcaee03b4800102aa0bea00223d2867ab752ef01af2b1cfaf92f3a6",
       "weights_kept": 351,
@@ -134,8 +134,8 @@
     },
     {
       "model": "TextEncoder",
-      "onnx": "/tmp/supertonic3/model/onnx/text_encoder.onnx",
-      "safetensors": "/Users/transcrilive/MLX_CONVERTOR/sub-projects/supertonic3-mlx/hf_release/weights/text_encoder.safetensors",
+      "onnx": "text_encoder.onnx",
+      "safetensors": "weights/text_encoder.safetensors",
       "bytes": 36022466,
       "sha256": "9df20bb79496718b36d2c0fc37636d3f78d6ef751b2899ff6dfeb975ae737ada",
       "weights_kept": 146,
@@ -145,8 +145,8 @@
     },
     {
       "model": "DurationPredictor",
-      "onnx": "/tmp/supertonic3/model/onnx/duration_predictor.onnx",
-      "safetensors": "/Users/transcrilive/MLX_CONVERTOR/sub-projects/supertonic3-mlx/hf_release/weights/duration_predictor.safetensors",
+      "onnx": "duration_predictor.onnx",
+      "safetensors": "weights/duration_predictor.safetensors",
       "bytes": 3470807,
       "sha256": "cd473acb6e0ac27426084488ccb3b3cc184e70d05db90897e2b892846db5dcb3",
       "weights_kept": 98,
@@ -156,8 +156,8 @@
     },
     {
       "model": "Vocoder",
-      "onnx": "/tmp/supertonic3/model/onnx/vocoder.onnx",
-      "safetensors": "/Users/transcrilive/MLX_CONVERTOR/sub-projects/supertonic3-mlx/hf_release/weights/vocoder.safetensors",
+      "onnx": "vocoder.onnx",
+      "safetensors": "weights/vocoder.safetensors",
       "bytes": 101364763,
       "sha256": "b2ec31ab7c554f6e15b9a6780554b5d3502345de7848b310966bfb4e1ea4e526",
       "weights_kept": 103,

src/supertonic_3_mlx/pipeline.py

@@ -25,7 +25,7 @@ Flow:
 
 Public API:
 
-    pipe = SupertonicMLXPipeline.from_pretrained("/tmp/supertonic3/model")
+    pipe = SupertonicMLXPipeline.from_pretrained("ambassadia/supertonic-3-mlx")
     wav = pipe.generate("Hello world", voice="F1", lang="en")
     import soundfile as sf
     sf.write("out.wav", wav, pipe.sample_rate)