Add better jail configuration: file CRUD, enable/disable, log paths

Task 4 (Better Jail Configuration) implementation:
- Add fail2ban_config_dir setting to app/config.py
- New file_config_service: list/view/edit/create jail.d, filter.d, action.d files
  with path-traversal prevention and 512 KB content size limit
- New file_config router: GET/PUT/POST endpoints for jail files, filter files,
  and action files; PUT .../enabled for toggle on/off
- Extend config_service with delete_log_path() and add_log_path()
- Add DELETE /api/config/jails/{name}/logpath and POST /api/config/jails/{name}/logpath
- Extend geo router with re-resolve endpoint; add geo_re_resolve background task
- Update blocklist_service with revised scheduling helpers
- Update Docker compose files with BANGUI_FAIL2BAN_CONFIG_DIR env var and
  rw volume mount for the fail2ban config directory
- Frontend: new Jail Files, Filters, Actions tabs in ConfigPage; file editor
  with accordion-per-file, editable textarea, save/create; add/delete log paths
- Frontend: types in types/config.ts; API calls in api/config.ts and api/endpoints.ts
- 63 new backend tests (test_file_config_service, test_file_config, test_geo_re_resolve)
- 6 new frontend tests in ConfigPageLogPath.test.tsx
- ruff, mypy --strict, tsc --noEmit, eslint: all clean; 617 backend tests pass

backend/app/services/config_service.py

@@ -520,6 +520,42 @@ async def add_log_path(
         raise ConfigOperationError(f"Failed to add log path {req.log_path!r}: {exc}") from exc
 
 
+async def delete_log_path(
+    socket_path: str,
+    jail: str,
+    log_path: str,
+) -> None:
+    """Remove a monitored log path from an existing jail.
+
+    Uses ``set <jail> dellogpath <path>`` to remove the path at runtime
+    without requiring a daemon restart.
+
+    Args:
+        socket_path: Path to the fail2ban Unix domain socket.
+        jail: Jail name from which the log path should be removed.
+        log_path: Absolute path of the log file to stop monitoring.
+
+    Raises:
+        JailNotFoundError: If *jail* is not a known jail.
+        ConfigOperationError: If the command is rejected by fail2ban.
+        ~app.utils.fail2ban_client.Fail2BanConnectionError: Socket unreachable.
+    """
+    client = Fail2BanClient(socket_path=socket_path, timeout=_SOCKET_TIMEOUT)
+
+    try:
+        _ok(await client.send(["status", jail, "short"]))
+    except ValueError as exc:
+        if _is_not_found_error(exc):
+            raise JailNotFoundError(jail) from exc
+        raise
+
+    try:
+        _ok(await client.send(["set", jail, "dellogpath", log_path]))
+        log.info("log_path_deleted", jail=jail, path=log_path)
+    except ValueError as exc:
+        raise ConfigOperationError(f"Failed to delete log path {log_path!r}: {exc}") from exc
+
+
 async def preview_log(req: LogPreviewRequest) -> LogPreviewResponse:
     """Read the last *num_lines* of a log file and test *fail_regex* against each.