Fix HIGH priority issues: unbounded queries, rate limiting, health checks

Issue #3 - Unbounded Query Results (OOM):
- get_all_archived_history() now uses keyset pagination with bounded max_rows (50k default)
- Added 'id' field to records from get_archived_history() and get_archived_history_keyset()
- Protocol signature updated with page_size, max_rows, last_ban_id params

Issue #7 - Docker Health Check Fails:
- Added curl to Dockerfile.backend runtime image
- HEALTHCHECK now uses 'curl -f http://localhost:8000/api/health'
- compose.prod.yml: increased start_period to 40s, timeout to 10s
- Frontend healthcheck proxies to backend /api/health

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Docs/Backend-Development.md

@@ -1592,6 +1592,33 @@ except Exception as exc:
     raise
 ```
 
+### 7.6 Domain Model Pattern for Services
+
+Services **return domain models** (frozen dataclasses), not Pydantic response models. Conversion to response models happens at the **router boundary**.
+
+**Example (correct):**
+
+```python
+# app/services/jail_service.py — returns domain model
+async def get_jail(socket_path: str, name: str) -> DomainJailDetail:
+    ...
+    return DomainJailDetail(name=name, ...)
+
+# app/routers/jails.py — converts at boundary
+@router.get("/{name}")
+async def get_jail(...) -> JailDetailResponse:
+    domain = await jail_service.get_jail(socket_path, name)
+    return jail_mappers.map_domain_jail_detail_to_response(domain)
+```
+
+**When adding a new service:**
+1. Define domain model in `app/models/{domain}_domain.py` (frozen dataclass)
+2. Add mapper in `app/mappers/{domain}_mappers.py`: `map_domain_X_to_response(domain: DomainX) -> XResponse`
+3. Service returns domain model type
+4. Router calls mapper before returning
+
+**Reference:** `ban_service.py` + `ban_mappers.py` is canonical example. See `Docs/DOMAIN_MODELS.md`.
+
 ---
 
 ## 8. Error Handling