refactor: move transaction management from services to API endpoints

- Services now use db.flush() instead of db.commit() for database operations
- API endpoints handle transaction commit after service calls
- Remove db.rollback() from services (let exception handlers manage this)
- Ensures consistent transaction boundaries at API layer

This pattern gives API endpoints full control over when to commit,
allowing for better error handling and potential multi-operation transactions.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

app/api/v1/admin/code_quality.py

@@ -142,6 +142,7 @@ async def trigger_scan(
     scan = code_quality_service.run_scan(
         db, triggered_by=f"manual:{current_user.username}"
     )
+    db.commit()
 
     return ScanResponse(
         id=scan.id,
@@ -338,6 +339,7 @@ async def assign_violation(
         due_date=request.due_date,
         priority=request.priority,
     )
+    db.commit()
 
     return {
         "id": assignment.id,
@@ -371,6 +373,7 @@ async def resolve_violation(
         resolved_by=current_user.id,
         resolution_note=request.resolution_note,
     )
+    db.commit()
 
     return {
         "id": violation.id,
@@ -402,6 +405,7 @@ async def ignore_violation(
         ignored_by=current_user.id,
         reason=request.reason,
     )
+    db.commit()
 
     return {
         "id": violation.id,
@@ -432,6 +436,7 @@ async def add_comment(
         user_id=current_user.id,
         comment=request.comment,
     )
+    db.commit()
 
     return {
         "id": comment.id,