refactor(api): introduce UserContext schema for API dependency injection

Replace direct User database model imports in API endpoints with UserContext
schema, following the architecture principle that API routes should not import
database models directly.

Changes:
- Create UserContext schema in models/schema/auth.py with from_user() factory
- Update app/api/deps.py to return UserContext from all auth dependencies
- Add _get_user_model() helper for functions needing User model access
- Update 58 API endpoint files to use UserContext instead of User
- Add noqa comments for 4 legitimate edge cases (enums, internal helpers)

Architecture validation: 0 errors (down from 61), 11 warnings remain

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

app/api/v1/admin/vendors.py

@@ -19,7 +19,7 @@ from app.exceptions import ConfirmationRequiredException
 from app.services.admin_service import admin_service
 from app.services.stats_service import stats_service
 from app.services.vendor_service import vendor_service
-from models.database.user import User
+from models.schema.auth import UserContext
 from app.modules.analytics.schemas import VendorStatsResponse
 from models.schema.vendor import (
     LetzshopExportRequest,
@@ -39,7 +39,7 @@ logger = logging.getLogger(__name__)
 def create_vendor(
     vendor_data: VendorCreate,
     db: Session = Depends(get_db),
-    current_admin: User = Depends(get_current_admin_api),
+    current_admin: UserContext = Depends(get_current_admin_api),
 ):
     """
     Create a new vendor (storefront/brand) under an existing company (Admin only).
@@ -89,7 +89,7 @@ def get_all_vendors_admin(
     is_active: bool | None = Query(None),
     is_verified: bool | None = Query(None),
     db: Session = Depends(get_db),
-    current_admin: User = Depends(get_current_admin_api),
+    current_admin: UserContext = Depends(get_current_admin_api),
 ):
     """Get all vendors with filtering (Admin only)."""
     vendors, total = admin_service.get_all_vendors(
@@ -106,7 +106,7 @@ def get_all_vendors_admin(
 @router.get("/stats", response_model=VendorStatsResponse)
 def get_vendor_statistics_endpoint(
     db: Session = Depends(get_db),
-    current_admin: User = Depends(get_current_admin_api),
+    current_admin: UserContext = Depends(get_current_admin_api),
 ):
     """Get vendor statistics for admin dashboard (Admin only)."""
     stats = stats_service.get_vendor_statistics(db)
@@ -164,7 +164,7 @@ def _build_vendor_detail_response(vendor) -> VendorDetailResponse:
 def get_vendor_details(
     vendor_identifier: str = Path(..., description="Vendor ID or vendor_code"),
     db: Session = Depends(get_db),
-    current_admin: User = Depends(get_current_admin_api),
+    current_admin: UserContext = Depends(get_current_admin_api),
 ):
     """
     Get detailed vendor information including company and owner details (Admin only).
@@ -186,7 +186,7 @@ def update_vendor(
     vendor_identifier: str = Path(..., description="Vendor ID or vendor_code"),
     vendor_update: VendorUpdate = Body(...),
     db: Session = Depends(get_db),
-    current_admin: User = Depends(get_current_admin_api),
+    current_admin: UserContext = Depends(get_current_admin_api),
 ):
     """
     Update vendor information (Admin only).
@@ -222,7 +222,7 @@ def toggle_vendor_verification(
     vendor_identifier: str = Path(..., description="Vendor ID or vendor_code"),
     verification_data: dict = Body(..., example={"is_verified": True}),
     db: Session = Depends(get_db),
-    current_admin: User = Depends(get_current_admin_api),
+    current_admin: UserContext = Depends(get_current_admin_api),
 ):
     """
     Set vendor verification status (Admin only).
@@ -251,7 +251,7 @@ def toggle_vendor_status(
     vendor_identifier: str = Path(..., description="Vendor ID or vendor_code"),
     status_data: dict = Body(..., example={"is_active": True}),
     db: Session = Depends(get_db),
-    current_admin: User = Depends(get_current_admin_api),
+    current_admin: UserContext = Depends(get_current_admin_api),
 ):
     """
     Set vendor active status (Admin only).
@@ -280,7 +280,7 @@ def delete_vendor(
     vendor_identifier: str = Path(..., description="Vendor ID or vendor_code"),
     confirm: bool = Query(False, description="Must be true to confirm deletion"),
     db: Session = Depends(get_db),
-    current_admin: User = Depends(get_current_admin_api),
+    current_admin: UserContext = Depends(get_current_admin_api),
 ):
     """
     Delete vendor and all associated data (Admin only).
@@ -325,7 +325,7 @@ def export_vendor_products_letzshop(
     ),
     include_inactive: bool = Query(False, description="Include inactive products"),
     db: Session = Depends(get_db),
-    current_admin: User = Depends(get_current_admin_api),
+    current_admin: UserContext = Depends(get_current_admin_api),
 ):
     """
     Export vendor products in Letzshop CSV format (Admin only).
@@ -372,7 +372,7 @@ def export_vendor_products_letzshop_to_folder(
     vendor_identifier: str = Path(..., description="Vendor ID or vendor_code"),
     request: LetzshopExportRequest = None,
     db: Session = Depends(get_db),
-    current_admin: User = Depends(get_current_admin_api),
+    current_admin: UserContext = Depends(get_current_admin_api),
 ):
     """
     Export vendor products to Letzshop pickup folder (Admin only).