refactor(types): add comprehensive type annotations across backend Python codebase

Enable ANN rules in ruff.toml (flake8-annotations) and resolve all 221 violations:

ANN201/ANN202 — return types on 168 public/private functions:
- All 28 FastAPI routers: endpoints annotated with dict/list/specific schema/
  StreamingResponse/FileResponse/JSONResponse as appropriate
- main.py: lifespan→AsyncGenerator[None,None], exception handlers→JSONResponse
- database.py: get_db→Generator[Session,None,None], proxy methods→correct types
- middleware/request_context.py: dispatch→Response with Callable call_next type

ANN001/ANN002/ANN003 — 32 missing argument types:
- seed_demo.py: all db parameters typed as Session
- domain/unit_of_work.py: __aexit__ exc_type/exc_val/exc_tb typed with TracebackType
- services: audit_service user_id→UUID|None, heatmap_service query/model/builder,
  notification_service test→Test, tempo_service test→Test/user→User,
  test_workflow_service test_id→UUID, campaign_crud **fields→object,
  test_crud **fields→object (4 sites)

ANN401 — 16 Any usages resolved:
- Domain entities (campaign/technique/threat_actor/test_entity): replaced Any with
  actual ORM types via TYPE_CHECKING guards to avoid circular imports
- detection_rule_service: test_id/detection_rule_id/evaluator_id→UUID
- score_cache: kept Any with # noqa: ANN401 (genuinely generic cache)
- jira_service/tempo_service: kept Any with # noqa: ANN401 (lazy optional deps)
- d3fend_import_service: _to_str(v: Any) kept with # noqa: ANN401

ANN204/ANN205/ANN206 — special/static/class methods:
- database.py proxy __call__/__getattr__: *args: object/**kwargs: object
- schemas/test.py model_validate: obj→object, **kwargs→object
- sa_technique_repository._int_type→type

All 439 unit tests pass. ruff check app/ → All checks passed!

backend/app/routers/campaigns.py

@@ -107,7 +107,7 @@ def list_campaigns(
     limit: int = Query(50, ge=1, le=200),
     db: Session = Depends(get_db),
     current_user: User = Depends(get_current_user),
-):
+) -> list:
     """List campaigns with optional filters and pagination."""
     return crud_list(
         db,
@@ -129,7 +129,7 @@ def create_campaign(
     payload: CampaignCreate,
     db: Session = Depends(get_db),
     current_user: User = Depends(require_any_role("red_lead", "blue_lead")),
-):
+) -> dict:
     """Create a new campaign."""
     with UnitOfWork(db) as uow:
         result = crud_create(
@@ -165,7 +165,7 @@ def get_campaign(
     campaign_id: str,
     db: Session = Depends(get_db),
     current_user: User = Depends(get_current_user),
-):
+) -> dict:
     """Get detailed campaign info including tests and progress."""
     return crud_get_detail(db, campaign_id)
 
@@ -180,7 +180,7 @@ def update_campaign(
     payload: CampaignUpdate,
     db: Session = Depends(get_db),
     current_user: User = Depends(require_any_role("red_lead", "blue_lead")),
-):
+) -> dict:
     """Update a campaign. Only allowed in draft or active state."""
     update_data = payload.model_dump(exclude_unset=True)
     with UnitOfWork(db) as uow:
@@ -214,7 +214,7 @@ def add_test_to_campaign(
     payload: AddTestPayload,
     db: Session = Depends(get_db),
     current_user: User = Depends(require_any_role("red_lead", "blue_lead")),
-):
+) -> dict:
     """Add a test to a campaign with optional ordering and dependency."""
     with UnitOfWork(db) as uow:
         result = crud_add_test(
@@ -239,7 +239,7 @@ def remove_test_from_campaign(
     campaign_test_id: str,
     db: Session = Depends(get_db),
     current_user: User = Depends(require_any_role("red_lead", "blue_lead")),
-):
+) -> dict:
     """Remove a test from a campaign."""
     with UnitOfWork(db) as uow:
         crud_remove_test(db, campaign_id, campaign_test_id)
@@ -256,7 +256,7 @@ def activate_campaign(
     campaign_id: str,
     db: Session = Depends(get_db),
     current_user: User = Depends(require_any_role("red_lead", "blue_lead")),
-):
+) -> dict:
     """Activate a campaign, moving it from draft to active."""
     with UnitOfWork(db) as uow:
         campaign = crud_activate(db, campaign_id)
@@ -292,7 +292,7 @@ def complete_campaign(
     campaign_id: str,
     db: Session = Depends(get_db),
     current_user: User = Depends(require_any_role("red_lead", "admin")),
-):
+) -> dict:
     """Mark a campaign as completed."""
     with UnitOfWork(db) as uow:
         campaign = crud_complete(db, campaign_id)
@@ -319,7 +319,7 @@ def get_campaign_progress_endpoint(
     campaign_id: str,
     db: Session = Depends(get_db),
     current_user: User = Depends(get_current_user),
-):
+) -> dict:
     """Get progress statistics for a campaign."""
     return crud_get_progress(db, campaign_id)
 
@@ -333,7 +333,7 @@ def generate_campaign_from_actor(
     actor_id: str,
     db: Session = Depends(get_db),
     current_user: User = Depends(require_any_role("red_lead", "blue_lead")),
-):
+) -> dict:
     """Auto-generate a campaign from a threat actor's uncovered techniques.
 
     Creates tests from the best available templates and orders them
@@ -369,7 +369,7 @@ def schedule_campaign(
     payload: SchedulePayload,
     db: Session = Depends(get_db),
     current_user: User = Depends(require_any_role("red_lead", "blue_lead")),
-):
+) -> dict:
     """Configure or update the recurrence schedule for a campaign.
 
     Only the campaign creator or admin can change scheduling.
@@ -411,6 +411,6 @@ def get_campaign_history(
     campaign_id: str,
     db: Session = Depends(get_db),
     current_user: User = Depends(get_current_user),
-):
+) -> list:
     """List all child campaigns (execution history) of a recurring campaign."""
     return crud_get_history(db, campaign_id)