Enforce repository boundary for persistence access

- Hide raw database connections (DbDep) from routers by removing from public exports
- Maintain DbDep as deprecated export for backward compatibility
- Add _DbDep internal dependency for use by other dependencies like require_auth
- Update module docstring to explain dependency layering rules
- Add comprehensive documentation section on dependency layering to Backend-Development.md

This enforces the architectural boundary where:
- Routers depend on repository dependencies (SessionRepoDep, BlocklistRepositoryDep, etc)
- Services orchestrate operations through repositories
- Only repositories execute SQL queries

The repository boundary is now technically enforced through the dependency injection
system, making it impossible for routers to accidentally bypass repositories and
access the database directly.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Docs/Tasks.md

@@ -1,25 +1,3 @@
-## 5) Inconsistent domain exception contracts across services
-- Where found:
-	- [backend/app/routers/jails.py](backend/app/routers/jails.py)
-	- [backend/app/routers/config.py](backend/app/routers/config.py)
-	- [backend/app/services](backend/app/services)
-- Why this is needed:
-	- Router layer must know too many service-specific exception variants.
-- Goal:
-	- Standardize domain exception taxonomy and HTTP mapping.
-- What to do:
-	- Define error categories and mandatory service error types.
-	- Align router exception handlers to those categories.
-- Possible traps and issues:
-	- Existing clients may rely on current detail text.
-- Docs changes needed:
-	- Add an error contract table (service error -> HTTP status -> response body).
-- Doc references:
-	- [backend/app/main.py](backend/app/main.py)
-	- [Docs/Backend-Development.md](Docs/Backend-Development.md)
-
----
-
 ## 6) Raw DB connection exposed as dependency for all routes
 - Where found:
 	- [backend/app/dependencies.py](backend/app/dependencies.py)