feat(phase-37): timer pause/resume + professional reporting engine

Pause/Resume timer:
- Add paused_at, red_paused_seconds, blue_paused_seconds fields to Test model
- Add pause_timer/resume_timer workflow functions with accumulated pause tracking
- Auto-resume on phase submit; subtract paused time from worklog duration
- Add POST /tests/{id}/pause-timer and resume-timer endpoints
- Update LiveTimer component with pause/resume button and paused visual state
- Wire pause/resume mutations through TestDetailPage and TestDetailHeader

Professional Reporting Engine - Fase 2:
- Add ReportEngine service with Jinja2 HTML rendering, WeasyPrint PDF, and docxtpl DOCX
- Add corporate CSS stylesheet with cover page, data tables, stats grid, findings
- Create purple_campaign, coverage_report, and executive_summary HTML templates
- Add report_generation_service collecting domain data for each report type
- Add professional_reports router: GET /reports/generate/purple-campaign/{id}, coverage-summary, executive-summary
- Add analytics router with flat JSON endpoints for PowerBI: /coverage, /tests, /trends, /operators
- Add advanced_metrics router: /coverage-by-tactic, /never-tested, /avg-validation-time, /detection-rate-trend
- Add weasyprint and docxtpl to requirements.txt
- Add REPORT_TEMPLATES_DIR, REPORT_OUTPUT_DIR, COMPANY_NAME, COMPANY_LOGO_PATH to config

backend/app/routers/professional_reports.py

@@ -0,0 +1,72 @@
+"""Professional report generation endpoints — PDF, DOCX, HTML output."""
+
+from uuid import UUID
+
+from fastapi import APIRouter, Depends, Query
+from fastapi.responses import FileResponse
+from sqlalchemy.orm import Session
+
+from app.database import get_db
+from app.dependencies.auth import get_current_user, require_any_role
+from app.models.user import User
+from app.services import report_generation_service
+
+router = APIRouter(prefix="/reports/generate", tags=["professional-reports"])
+
+_MEDIA_TYPES = {
+    "pdf": "application/pdf",
+    "docx": "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
+    "html": "text/html",
+}
+
+
+@router.get("/purple-campaign/{campaign_id}")
+def generate_purple_report(
+    campaign_id: UUID,
+    format: str = Query("pdf", pattern="^(pdf|docx|html)$"),
+    db: Session = Depends(get_db),
+    user: User = Depends(require_any_role("red_lead", "blue_lead")),
+):
+    """Generate a Purple Team campaign assessment report."""
+    filepath = report_generation_service.generate_purple_campaign_report(
+        db, str(campaign_id), output_format=format,
+    )
+    return FileResponse(
+        filepath,
+        media_type=_MEDIA_TYPES[format],
+        filename=f"purple_report.{format}",
+    )
+
+
+@router.get("/coverage-summary")
+def generate_coverage_report(
+    format: str = Query("pdf", pattern="^(pdf|docx|html)$"),
+    db: Session = Depends(get_db),
+    user: User = Depends(get_current_user),
+):
+    """Generate an organization-wide MITRE ATT&CK coverage report."""
+    filepath = report_generation_service.generate_coverage_report(
+        db, output_format=format,
+    )
+    return FileResponse(
+        filepath,
+        media_type=_MEDIA_TYPES[format],
+        filename=f"coverage_report.{format}",
+    )
+
+
+@router.get("/executive-summary")
+def generate_executive_report(
+    format: str = Query("pdf", pattern="^(pdf|docx|html)$"),
+    db: Session = Depends(get_db),
+    user: User = Depends(require_any_role("red_lead", "blue_lead")),
+):
+    """Generate an executive security summary report."""
+    filepath = report_generation_service.generate_executive_summary(
+        db, output_format=format,
+    )
+    return FileResponse(
+        filepath,
+        media_type=_MEDIA_TYPES[format],
+        filename=f"executive_summary.{format}",
+    )