TASK-016: Validate delete_log_path query parameter with allowlist

- Extract path validation logic into shared helper function in
  backend/app/utils/path_utils.py (validate_log_path)
- Refactor AddLogPathRequest to use the helper function
- Apply the same validation to DELETE /api/config/jails/{name}/logpath
  endpoint by validating the log_path query parameter
- Return HTTP 422 with descriptive error if validation fails
- Add comprehensive unit tests for path validation
- Update Backend-Development.md with usage examples

This prevents path-traversal attacks on the delete_log_path endpoint
by ensuring all log paths are within allowlisted directories.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

backend/tests/test_models.py

@@ -22,6 +22,7 @@ def _mock_allowed_dirs(monkeypatch: pytest.MonkeyPatch) -> None:
         )
 
     monkeypatch.setattr("app.models.config.get_settings", mock_get_settings)
+    monkeypatch.setattr("app.utils.path_utils.get_settings", mock_get_settings)
 
 
 def test_add_log_path_request_valid_in_var_log(_mock_allowed_dirs: None) -> None:
@@ -90,6 +91,7 @@ def test_add_log_path_request_rejects_symlink_escape(monkeypatch: pytest.MonkeyP
             )
 
         monkeypatch.setattr("app.models.config.get_settings", mock_get_settings)
+        monkeypatch.setattr("app.utils.path_utils.get_settings", mock_get_settings)
 
         with pytest.raises(ValidationError) as exc_info:
             AddLogPathRequest(log_path=str(symlink / "evil.log"), tail=True)
@@ -132,6 +134,7 @@ def test_add_log_path_request_custom_allowed_dirs(monkeypatch: pytest.MonkeyPatc
         )
 
     monkeypatch.setattr("app.models.config.get_settings", mock_get_settings)
+    monkeypatch.setattr("app.utils.path_utils.get_settings", mock_get_settings)
 
     req = AddLogPathRequest(log_path="/custom/logs/app.log", tail=True)
     assert req.log_path == "/custom/logs/app.log"