feat(jira): per-user auth, lifecycle hooks, admin config endpoints

- Add jira_api_token field to User model + migration b042
- Per-user Jira client: user's corporate email + personal Atlassian token
- Admin-configurable Jira URL/project via system_configs (GET/PATCH /system/jira-config + POST /system/jira-test)
- Auto-create Jira ticket when a test is created (non-fatal)
- Push lifecycle comments on every state transition: draft→red_executing→blue_evaluating→in_review→validated/rejected→draft
- Rich ticket descriptions with technique, MITRE ID, priority from severity, labels
- UserOut.jira_token_set (bool) instead of exposing raw token
- PATCH /users/me/preferences now accepts jira_api_token

backend/app/routers/users.py

@@ -33,10 +33,18 @@ def update_my_preferences(
     db: Session = Depends(get_db),
     current_user: User = Depends(get_current_user),
 ):
-    """Update the current user's notification preferences and Jira account ID."""
+    """Update the current user's notification preferences, Jira account ID and Jira API token.
+
+    Send ``jira_api_token: ""`` to clear a previously stored token.
+    The token is never returned in any response.
+    """
     update_data = payload.model_dump(exclude_unset=True)
     for field, value in update_data.items():
-        setattr(current_user, field, value)
+        if field == "jira_api_token":
+            # Empty string means "clear token"
+            setattr(current_user, field, value if value else None)
+        else:
+            setattr(current_user, field, value)
     db.commit()
     db.refresh(current_user)
     return current_user