Add origin field and filter for ban sources (Tasks 1 & 2)

- Task 1: Mark imported blocklist IP addresses
  - Add BanOrigin type and _derive_origin() to ban.py model
  - Populate origin field in ban_service list_bans() and bans_by_country()
  - BanTable and MapPage companion table show origin badge column
  - Tests: origin derivation in test_ban_service.py and test_dashboard.py

- Task 2: Add origin filter to dashboard and world map
  - ban_service: _origin_sql_filter() helper; origin param on list_bans()
    and bans_by_country()
  - dashboard router: optional origin query param forwarded to service
  - Frontend: BanOriginFilter type + BAN_ORIGIN_FILTER_LABELS in ban.ts
  - fetchBans / fetchBansByCountry forward origin to API
  - useBans / useMapData accept and pass origin; page resets on change
  - BanTable accepts origin prop; DashboardPage adds segmented filter
  - MapPage adds origin Select next to time-range picker
  - Tests: origin filter assertions in test_ban_service and test_dashboard

backend/app/routers/config.py

@@ -30,6 +30,8 @@ from app.models.config import (
     JailConfigUpdate,
     LogPreviewRequest,
     LogPreviewResponse,
+    MapColorThresholdsResponse,
+    MapColorThresholdsUpdate,
     RegexTestRequest,
     RegexTestResponse,
 )
@@ -380,3 +382,83 @@ async def preview_log(
         :class:`~app.models.config.LogPreviewResponse` with per-line results.
     """
     return await config_service.preview_log(body)
+
+
+# ---------------------------------------------------------------------------
+# Map color thresholds
+# ---------------------------------------------------------------------------
+
+
+@router.get(
+    "/map-color-thresholds",
+    response_model=MapColorThresholdsResponse,
+    summary="Get map color threshold configuration",
+)
+async def get_map_color_thresholds(
+    request: Request,
+    _auth: AuthDep,
+) -> MapColorThresholdsResponse:
+    """Return the configured map color thresholds.
+
+    Args:
+        request: FastAPI request object.
+        _auth: Validated session.
+
+    Returns:
+        :class:`~app.models.config.MapColorThresholdsResponse` with
+        current thresholds.
+    """
+    from app.services import setup_service
+
+    high, medium, low = await setup_service.get_map_color_thresholds(
+        request.app.state.db
+    )
+    return MapColorThresholdsResponse(
+        threshold_high=high,
+        threshold_medium=medium,
+        threshold_low=low,
+    )
+
+
+@router.put(
+    "/map-color-thresholds",
+    response_model=MapColorThresholdsResponse,
+    summary="Update map color threshold configuration",
+)
+async def update_map_color_thresholds(
+    request: Request,
+    _auth: AuthDep,
+    body: MapColorThresholdsUpdate,
+) -> MapColorThresholdsResponse:
+    """Update the map color threshold configuration.
+
+    Args:
+        request: FastAPI request object.
+        _auth: Validated session.
+        body: New threshold values.
+
+    Returns:
+        :class:`~app.models.config.MapColorThresholdsResponse` with
+        updated thresholds.
+
+    Raises:
+        HTTPException: 400 if validation fails (thresholds not
+        properly ordered).
+    """
+    from app.services import setup_service
+
+    try:
+        await setup_service.set_map_color_thresholds(
+            request.app.state.db,
+            threshold_high=body.threshold_high,
+            threshold_medium=body.threshold_medium,
+            threshold_low=body.threshold_low,
+        )
+    except ValueError as exc:
+        raise _bad_request(str(exc)) from exc
+
+    return MapColorThresholdsResponse(
+        threshold_high=body.threshold_high,
+        threshold_medium=body.threshold_medium,
+        threshold_low=body.threshold_low,
+    )