refactor(pep8): enforce full PEP8 compliance across backend Python codebase

- ruff.toml: select E/W/F/I/N rules, line-length=120, drop legacy ignores
- Auto-fix: sort 82 import blocks (isort), remove 29 unused imports,
  strip 6 trailing-whitespace blank lines in docstrings
- main.py: move setup_logging and settings imports to top (E402)
- errors.py: noqa N818 on DDD exception names (96 call sites, safe)
- intel_service.py: noqa N817 for universal ET alias
- atomic/elastic/sigma import services: move _MAX_UNCOMPRESSED_SIZE and
  _MAX_ENTRIES to module level (N806)
- compliance_import_service.py: move SAMPLE_CONTROLS / CIS_CONTROLS to
  module level; wrap long description strings (N806 + E501)
- snapshot_service.py: move STATUS_ORDER dict to module level (N806)
- sigma_import_service.py: remove dead dedup_key expression (F841)
- threat_actor_import_service.py: remove dead stix_to_actor expression (F841)
- data_source.py, seed_demo.py, campaign_scheduler_service.py,
  lolbas_import_service.py: wrap lines exceeding 120 chars (E501)
- d3fend_import_service.py: per-file E501 ignore (data file with long strings)

All 439 unit tests pass. ruff check app/ → All checks passed!

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/app/main.py

@@ -3,55 +3,55 @@ import os
 from contextlib import asynccontextmanager
 
 from fastapi import FastAPI, Request, status
+from fastapi.exceptions import RequestValidationError
 from fastapi.middleware.cors import CORSMiddleware
 from fastapi.responses import JSONResponse
-from fastapi.exceptions import RequestValidationError
 from slowapi import _rate_limit_exceeded_handler
 from slowapi.errors import RateLimitExceeded
 from sqlalchemy.exc import SQLAlchemyError
 
-from app.routers import auth as auth_router
-from app.routers import techniques as techniques_router
-from app.routers import tests as tests_router
-from app.routers import evidence as evidence_router
-from app.routers import test_templates as test_templates_router
-from app.routers import system as system_router
-from app.routers import metrics as metrics_router
-from app.routers import users as users_router
-from app.routers import audit as audit_router
-from app.routers import notifications as notifications_router
-from app.routers import reports as reports_router
-from app.routers import data_sources as data_sources_router
-from app.routers import threat_actors as threat_actors_router
-from app.routers import d3fend as d3fend_router
-from app.routers import detection_rules as detection_rules_router
-from app.routers import campaigns as campaigns_router
-from app.routers import heatmap as heatmap_router
-from app.routers import scores as scores_router
-from app.routers import operational_metrics as operational_metrics_router
-from app.routers import compliance as compliance_router
-from app.routers import snapshots as snapshots_router
-from app.routers import jira as jira_router
-from app.routers import worklogs as worklogs_router
-from app.routers import professional_reports as professional_reports_router
-from app.routers import analytics as analytics_router
-from app.routers import advanced_metrics as advanced_metrics_router
-from app.routers import osint as osint_router
+from app.config import settings as _settings
 from app.domain.errors import DomainError
+from app.jobs.mitre_sync_job import scheduler, start_scheduler
+from app.limiter import limiter
+from app.logging_config import setup_logging
 from app.middleware.error_handler import domain_exception_handler
 from app.middleware.request_context import RequestContextMiddleware
-from app.limiter import limiter
+from app.routers import advanced_metrics as advanced_metrics_router
+from app.routers import analytics as analytics_router
+from app.routers import audit as audit_router
+from app.routers import auth as auth_router
+from app.routers import campaigns as campaigns_router
+from app.routers import compliance as compliance_router
+from app.routers import d3fend as d3fend_router
+from app.routers import data_sources as data_sources_router
+from app.routers import detection_rules as detection_rules_router
+from app.routers import evidence as evidence_router
+from app.routers import heatmap as heatmap_router
+from app.routers import jira as jira_router
+from app.routers import metrics as metrics_router
+from app.routers import notifications as notifications_router
+from app.routers import operational_metrics as operational_metrics_router
+from app.routers import osint as osint_router
+from app.routers import professional_reports as professional_reports_router
+from app.routers import reports as reports_router
+from app.routers import scores as scores_router
+from app.routers import snapshots as snapshots_router
+from app.routers import system as system_router
+from app.routers import techniques as techniques_router
+from app.routers import test_templates as test_templates_router
+from app.routers import tests as tests_router
+from app.routers import threat_actors as threat_actors_router
+from app.routers import users as users_router
+from app.routers import worklogs as worklogs_router
 from app.storage import ensure_bucket_exists
-from app.jobs.mitre_sync_job import start_scheduler, scheduler
+
+# Configure structured logging before any module initialises its own logger
+setup_logging()
 
 # ── Environment detection ─────────────────────────────────────────────────
 _IS_PRODUCTION = os.environ.get("AEGIS_ENV", "").lower() == "production"
 
-# ── Logging ───────────────────────────────────────────────────────────────
-from app.logging_config import setup_logging
-
-setup_logging()
-
 @asynccontextmanager
 async def lifespan(app: FastAPI):
     """Startup / shutdown logic."""
@@ -81,8 +81,6 @@ app.add_middleware(RequestContextMiddleware)
 app.add_exception_handler(DomainError, domain_exception_handler)
 
 # ── CORS ──────────────────────────────────────────────────────────────────
-from app.config import settings as _settings
-
 _cors_origins: list[str] = [
     o.strip() for o in _settings.CORS_ORIGINS.split(",") if o.strip()
 ]