feat(arch): add API-007 rule to enforce layered architecture

Add architecture rule that detects when API routes import database
models directly, enforcing Routes → Services → Models pattern.

Changes:
- Add API-007 rule to .architecture-rules/api.yaml
- Add _check_no_model_imports() validation to validator script
- Update customer imports to use canonical module location
- Add storefront module restructure implementation plan

The validator now detects 81 violations across 67 API files where
database models are imported directly instead of going through
services. This is Phase 1 of the storefront restructure plan.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

tests/integration/api/v1/shop/test_addresses.py

@@ -11,7 +11,7 @@ from unittest.mock import patch
 import pytest
 from jose import jwt
 
-from models.database.customer import Customer, CustomerAddress
+from app.modules.customers.models.customer import Customer, CustomerAddress
 
 
 @pytest.fixture

tests/integration/api/v1/shop/test_orders.py

@@ -12,7 +12,7 @@ from unittest.mock import patch, MagicMock
 import pytest
 from jose import jwt
 
-from models.database.customer import Customer
+from app.modules.customers.models.customer import Customer
 from models.database.invoice import Invoice, InvoiceStatus, VendorInvoiceSettings
 from models.database.order import Order, OrderItem
 

tests/integration/api/v1/shop/test_password_reset.py

@@ -9,7 +9,7 @@ from unittest.mock import MagicMock, patch
 
 import pytest
 
-from models.database.customer import Customer
+from app.modules.customers.models.customer import Customer
 from models.database.password_reset_token import PasswordResetToken
 
 

tests/integration/api/v1/vendor/test_invoices.py

@@ -9,7 +9,7 @@ from decimal import Decimal
 
 import pytest
 
-from models.database.customer import Customer
+from app.modules.customers.models.customer import Customer
 from models.database.invoice import Invoice, InvoiceStatus, VendorInvoiceSettings
 from models.database.order import Order