feat: Phase 1 - Data models and migrations (T-004 to T-009)

Implements all database models for the Aegis platform with full
Alembic migration support.

Models created:
- User: Authentication with role-based access control
- Technique: MITRE ATT&CK techniques with coverage status tracking
- Test: Security tests with validation workflow (draft/review/validated)
- Evidence: File metadata for test evidence (stored in MinIO)
- IntelItem: Threat intelligence items linked to techniques
- AuditLog: System-wide audit trail with JSONB details

Enumerations:
- TechniqueStatus: not_evaluated, in_progress, validated, partial, etc.
- TestState: draft, in_review, validated, rejected
- TestResult: detected, not_detected, partially_detected

Services:
- audit_service.py: log_action() helper for audit logging

All models include proper foreign key relationships and PostgreSQL
enum types are managed correctly in migrations (create/drop).

backend/app/models/intel.py

@@ -0,0 +1,29 @@
+import uuid
+from datetime import datetime
+
+from sqlalchemy import Column, String, Boolean, DateTime, ForeignKey
+from sqlalchemy.dialects.postgresql import UUID
+from sqlalchemy.orm import relationship
+
+from app.database import Base
+
+
+class IntelItem(Base):
+    """
+    Intelligence item model for tracking threat intelligence related to techniques.
+    
+    Stores URLs and metadata from automated intel scans that may indicate
+    new attack variations or detection bypasses for specific techniques.
+    """
+    __tablename__ = "intel_items"
+
+    id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
+    technique_id = Column(UUID(as_uuid=True), ForeignKey("techniques.id"), nullable=True)
+    url = Column(String, nullable=False)
+    title = Column(String, nullable=True)
+    source = Column(String, nullable=True)
+    detected_at = Column(DateTime, default=datetime.utcnow)
+    reviewed = Column(Boolean, default=False)
+
+    # Relationships
+    technique = relationship("Technique")