Enforce repository boundary: Remove DbDep from routers

This commit enforces the repository boundary by eliminating direct database connection
dependencies (DbDep) from all routers. Routers now depend on service context dependencies
that combine the database connection with the related repositories.

Changes:
- Add 5 service context dependencies in dependencies.py:
  * SessionServiceContext: db + session_repo
  * BlocklistServiceContext: db + blocklist_repo + import_log_repo + settings_repo
  * SettingsServiceContext: db + settings_repo
  * BanServiceContext: db + fail2ban_db_repo
  * HistoryServiceContext: db + fail2ban_db_repo + history_archive_repo

- Refactor all 9 routers (auth, bans, blocklist, config_misc, dashboard, geo,
  history, jails, setup) to use service contexts instead of DbDep.

- Update Backend-Development.md with clear examples of the new pattern and
  documentation of available service contexts.

Rationale:
- Enforces the repository boundary through the dependency system
- Makes database operations explicit and auditable
- Improves testability by allowing service contexts to be mocked
- Prevents accidental direct database access from routers

The deprecated DbDep remains available for backward compatibility with
services that have not yet been refactored, but routers can no longer import it.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

backend/app/routers/history.py

@@ -21,10 +21,10 @@ from fastapi import APIRouter, HTTPException, Query, Request
 
 from app.dependencies import (
     AuthDep,
-    DbDep,
-    Fail2BanSocketDep,
-    HttpSessionDep,
     Fail2BanMetadataServiceDep,
+    Fail2BanSocketDep,
+    HistoryServiceContextDep,
+    HttpSessionDep,
 )
 from app.models.ban import BanOrigin, TimeRange
 from app.models.history import HistoryListResponse, IpDetailResponse
@@ -42,7 +42,7 @@ router: APIRouter = APIRouter(prefix="/api/history", tags=["History"])
 async def get_history(
     request: Request,
     _auth: AuthDep,
-    db: DbDep,
+    history_ctx: HistoryServiceContextDep,
     socket_path: Fail2BanSocketDep,
     http_session: HttpSessionDep,
     fail2ban_metadata_service: Fail2BanMetadataServiceDep,
@@ -82,6 +82,10 @@ async def get_history(
     Args:
         request: The incoming request (used to access ``app.state``).
         _auth: Validated session — enforces authentication.
+        history_ctx: History service context containing db and repositories.
+        socket_path: Path to fail2ban Unix domain socket.
+        http_session: Shared HTTP session for geolocation.
+        fail2ban_metadata_service: Fail2Ban metadata service.
         range: Optional time-range preset.  ``None`` means all-time.
         jail: Optional jail name filter (exact match).
         ip: Optional IP prefix filter (prefix match).
@@ -103,7 +107,7 @@ async def get_history(
         page=page,
         page_size=page_size,
         http_session=http_session,
-        db=db,
+        db=history_ctx.db,
         fail2ban_metadata_service=fail2ban_metadata_service,
     )
 
@@ -116,7 +120,7 @@ async def get_history(
 async def get_history_archive(
     request: Request,
     _auth: AuthDep,
-    db: DbDep,
+    history_ctx: HistoryServiceContextDep,
     socket_path: Fail2BanSocketDep,
     http_session: HttpSessionDep,
     fail2ban_metadata_service: Fail2BanMetadataServiceDep,
@@ -139,7 +143,7 @@ async def get_history_archive(
         page=page,
         page_size=page_size,
         http_session=http_session,
-        db=db,
+        db=history_ctx.db,
         fail2ban_metadata_service=fail2ban_metadata_service,
     )