Merge feat/migrate-encryption-py: Consolidate encryption to modular system

This PR consolidates OpenWatch's encryption system from fragmented legacy
code to a unified, modular architecture following industry best practices.

## Summary of Changes

### 🔐 Encryption System Modernization
- Migrated from legacy crypto.py (500 lines) to modular app/encryption/ (240 lines)
- Achieved 52% code reduction through better architecture
- Implemented dependency injection (removed global singletons)
- FIPS 140-2 compliant AES-256-GCM encryption maintained
- Backward compatible with existing encrypted data

### 🧹 Code Quality Improvements
- Removed 276 lines of redundant encryption code
- Removed 11 stale scripts and backups (~60 KB)
- Enhanced .gitignore to prevent future clutter
- Single source of truth: backend/app/encryption/

### ✅ Production Ready
- All 7 containers healthy and running
- Zero breaking changes to APIs or database schema
- Comprehensive test coverage (505 lines of encryption tests)
- Running stable for 10+ hours in production-like environment

## Commits in this PR (11 total)

1. feat: Add remote SCAP executor and OVAL support
2. docs: Add encryption migration baseline metrics
3. feat(encryption): Refactor encryption.py - remove singleton, add DI
4. feat(di): Add encryption service to FastAPI lifespan and DI
5. feat(di): Update AuthService to use encryption service DI
6. test: Verify new encryption service can decrypt existing credentials
7. docs: Make encryption service docstring neutral
8. fix: Complete encryption migration - Remove legacy crypto.py
9. refactor: Consolidate encryption to single modular system
10. docs: Add comprehensive Modular Code Architecture to CLAUDE.md
11. chore: Clean up backend directory - remove stale scripts

## Impact

### Security
✅ Maintained FIPS 140-2 compliance
✅ Improved testability and auditability
✅ Eliminated global state vulnerabilities
✅ Clear encryption service boundaries

### Maintainability
✅ 52% code reduction (crypto.py 500 lines → encryption/ 240 lines)
✅ Single Responsibility Principle applied
✅ Easy to extend and modify
✅ Fix bugs in 1 file instead of multiple files

### Team Collaboration
✅ Comprehensive documentation for AI assistants
✅ Clear modular boundaries
✅ Dependency injection enables parallel development
✅ Reduced merge conflicts

## Testing
- ✅ All containers healthy
- ✅ Backend API responding correctly
- ✅ Worker processing tasks successfully
- ✅ 505 lines of unit tests for encryption module
- ✅ Backward compatibility verified

Author: remyluslosius

.gitignore

@@ -614,6 +614,13 @@ test_frontend_e2e.py
 test_complete_e2e.py
 test_comprehensive*.py
 
+# One-time debug, test, and migration scripts (backend root)
+backend/debug_*.py
+backend/test_*.py
+backend/verify_*.py
+backend/migrate_*.py
+backend/run_migration*.py
+
 # Test report and summary files
 *_TEST_REPORT.md
 *_TEST_SUMMARY.md
@@ -788,3 +795,5 @@ backend/app/cli/scap_json_to_openwatch_converter.py
 backend/app/cli/scap_to_openwatch_converter_enhanced.py
 scap_json_to_openwatch_converter_enhanced.py
 
+backend/debug_*.py
+backend/scripts/