Complete tasks 1-5: UI cleanup, pie chart fix, log path allowlist, activation hardening

Task 1: Remove ActiveBansSection from JailsPage
- Delete buildBanColumns, fmtTimestamp, ActiveBansSection
- Remove Dialog/Delete/Dismiss imports, ActiveBan type
- Update JSDoc to reflect three sections

Task 2: Remove JailDistributionChart from Dashboard
- Delete import and JSX block from DashboardPage.tsx

Task 3: Fix transparent pie chart (TopCountriesPieChart)
- Add Cell import and per-slice <Cell fill={slice.fill}> children inside <Pie>
- Suppress @typescript-eslint/no-deprecated (recharts v3 types)

Task 4: Allow /config/log as safe log prefix
- Add '/config/log' to _SAFE_LOG_PREFIXES in config_service.py
- Update error message to list both allowed directories

Task 5: Block jail activation on missing filter/logpath
- activate_jail refuses to proceed when filter/logpath issues found
- ActivateJailDialog treats all validation issues as blocking
- Trigger immediate _run_probe after activation in config router
- /api/health now reports fail2ban online/offline from cached probe
- Add TestActivateJailBlocking tests; fix existing tests to mock validation

backend/app/services/config_service.py

@@ -768,7 +768,7 @@ _NON_FILE_LOG_TARGETS: frozenset[str] = frozenset(
 )
 
 # Only allow reading log files under these base directories (security).
-_SAFE_LOG_PREFIXES: tuple[str, ...] = ("/var/log",)
+_SAFE_LOG_PREFIXES: tuple[str, ...] = ("/var/log", "/config/log")
 
 
 def _count_file_lines(file_path: str) -> int:
@@ -847,7 +847,7 @@ async def read_fail2ban_log(
     if not any(resolved_str.startswith(safe) for safe in _SAFE_LOG_PREFIXES):
         raise ConfigOperationError(
             f"Log path {resolved_str!r} is outside the allowed directory. "
-            "Only paths under /var/log are permitted."
+            "Only paths under /var/log or /config/log are permitted."
         )
 
     if not resolved.is_file():