Fix BUG-001: resolve banaction interpolation error in fail2ban jails

The container init script (init-fail2ban-config) copies jail.conf from the
image's /defaults/ on every start, overwriting any direct edits.  The correct
fix is jail.local, which is not present in the image defaults and therefore
persists across restarts.

Changes:
- Add Docker/fail2ban-dev-config/fail2ban/jail.local with [DEFAULT] overrides
  for banaction = iptables-multiport and banaction_allports = iptables-allports.
  fail2ban loads jail.local after jail.conf so these values are available to
  all jails during %(action_)s interpolation.
- Untrack jail.local from .gitignore so it is committed to the repo.
- Fix TypeError in config_file_service: except jail_service.JailNotFoundError
  failed when jail_service was mocked in tests because MagicMock attributes are
  not BaseException subclasses.  Import JailNotFoundError directly instead.
- Mark BUG-001 as Done in Tasks.md.
2026-03-15 11:39:20 +01:00
parent 57a0bbe36e
commit 61daa8bbc0
4 changed files with 15 additions and 5 deletions

@@ -55,6 +55,7 @@ from app.models.config import (
RollbackResponse,
)
from app.services import conffile_parser, jail_service
from app.services.jail_service import JailNotFoundError as JailNotFoundError
from app.utils.fail2ban_client import Fail2BanClient, Fail2BanConnectionError
log: structlog.stdlib.BoundLogger = structlog.get_logger()
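Review bot: the added import `from app.services.jail_service import JailNotFoundError as JailNotFoundError` uses the redundant `X as X` alias without saying why. That form is normally read as an explicit re-export marker for type checkers and linters. If other modules are meant to import the exception from here, say so in a short comment. Otherwise drop the alias and write `from app.services.jail_service import JailNotFoundError`. Either way, a one-line comment that the class is imported directly so the `except` clause keeps working when `jail_service` is mocked would stop a later cleanup from folding it back into `jail_service.JailNotFoundError`.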
@@ -1231,7 +1232,7 @@ async def activate_jail(
# ---------------------------------------------------------------------- #
try:
await jail_service.reload_all(socket_path, include_jails=[name])
except jail_service.JailNotFoundError as exc:
except JailNotFoundError as exc:
# Jail configuration is invalid (e.g. missing logpath that prevents
# fail2ban from loading the jail). Roll back and provide a specific error.
log.warning(
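Review bot: the `except JailNotFoundError as exc:` clause in `activate_jail` has no regression test in this commit, and the commit message lists no test change. The call is still `jail_service.reload_all(...)`, so a test that patches `jail_service` has to set `reload_all`'s side effect to the real `JailNotFoundError` for this rollback branch to run at all. Please add a test that does exactly that and asserts the rollback and the specific error. It is also worth checking the rest of this module for other `except jail_service.<Name>` clauses, since they would fail the same way under a mocked `jail_service`.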