Run immediate health probe after jail deactivation

After deactivation the endpoint now calls _run_probe to flush the
cached server status immediately, matching the activate_jail behaviour
added in Task 5. Without this, the dashboard active-jail count could
remain stale for up to 30 s after a deactivation reload.

- config.py: capture result, await _run_probe, return result
- test_config.py: add test_deactivate_triggers_health_probe; fix 3
  pre-existing UP017 ruff warnings (datetime.UTC alias)
- test_health.py: update test to assert the new fail2ban field

backend/app/routers/config.py

@@ -695,7 +695,7 @@ async def deactivate_jail(
     socket_path: str = request.app.state.settings.fail2ban_socket
 
     try:
-        return await config_file_service.deactivate_jail(config_dir, socket_path, name)
+        result = await config_file_service.deactivate_jail(config_dir, socket_path, name)
     except JailNameError as exc:
         raise _bad_request(str(exc)) from exc
     except JailNotFoundInConfigError:
@@ -713,6 +713,13 @@ async def deactivate_jail(
     except Fail2BanConnectionError as exc:
         raise _bad_gateway(exc) from exc
 
+    # Force an immediate health probe so the cached status reflects the current
+    # fail2ban state (reload changes the active-jail count) without waiting for
+    # the next scheduled background check (up to 30 seconds).
+    await _run_probe(request.app)
+
+    return result
+
 
 # ---------------------------------------------------------------------------
 # Jail validation & rollback endpoints (Task 3)