Refactor ban management with domain models and mappers

- Add ban domain model for core business logic separation
- Implement mapper pattern for DTO/domain conversions
- Update ban service with new domain-driven approach
- Refactor router endpoints to use new architecture
- Add comprehensive mapper tests
- Update documentation with architecture changes

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

backend/app/routers/bans.py

@@ -19,6 +19,7 @@ from app.dependencies import (
     GeoCacheDep,
     HttpSessionDep,
 )
+from app.mappers import map_domain_active_ban_list_to_response
 from app.models.ban import ActiveBanListResponse, BanRequest, UnbanAllResponse, UnbanRequest
 from app.models.jail import JailCommandResponse
 from app.services import ban_service, jail_service
@@ -58,12 +59,13 @@ async def get_active_bans(
     Raises:
         HTTPException: 502 when fail2ban is unreachable.
     """
-    return await ban_service.get_active_bans(
+    domain_result = await ban_service.get_active_bans(
         socket_path,
         geo_cache=geo_cache,
         http_session=http_session,
         app_db=ban_ctx.db,
     )
+    return map_domain_active_ban_list_to_response(domain_result)
 
 
 @router.post(