refactor(api): introduce UserContext schema for API dependency injection

Replace direct User database model imports in API endpoints with UserContext
schema, following the architecture principle that API routes should not import
database models directly.

Changes:
- Create UserContext schema in models/schema/auth.py with from_user() factory
- Update app/api/deps.py to return UserContext from all auth dependencies
- Add _get_user_model() helper for functions needing User model access
- Update 58 API endpoint files to use UserContext instead of User
- Add noqa comments for 4 legitimate edge cases (enums, internal helpers)

Architecture validation: 0 errors (down from 61), 11 warnings remain

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

app/api/v1/vendor/inventory.py

@@ -15,7 +15,7 @@ from app.api.deps import get_current_vendor_api
 from app.core.database import get_db
 from app.services.inventory_service import inventory_service
 from app.services.inventory_transaction_service import inventory_transaction_service
-from models.database.user import User
+from models.schema.auth import UserContext
 from app.modules.inventory.schemas import (
     InventoryAdjust,
     InventoryCreate,
@@ -38,7 +38,7 @@ logger = logging.getLogger(__name__)
 @router.post("/inventory/set", response_model=InventoryResponse)
 def set_inventory(
     inventory: InventoryCreate,
-    current_user: User = Depends(get_current_vendor_api),
+    current_user: UserContext = Depends(get_current_vendor_api),
     db: Session = Depends(get_db),
 ):
     """Set exact inventory quantity (replaces existing)."""
@@ -52,7 +52,7 @@ def set_inventory(
 @router.post("/inventory/adjust", response_model=InventoryResponse)
 def adjust_inventory(
     adjustment: InventoryAdjust,
-    current_user: User = Depends(get_current_vendor_api),
+    current_user: UserContext = Depends(get_current_vendor_api),
     db: Session = Depends(get_db),
 ):
     """Adjust inventory (positive to add, negative to remove)."""
@@ -66,7 +66,7 @@ def adjust_inventory(
 @router.post("/inventory/reserve", response_model=InventoryResponse)
 def reserve_inventory(
     reservation: InventoryReserve,
-    current_user: User = Depends(get_current_vendor_api),
+    current_user: UserContext = Depends(get_current_vendor_api),
     db: Session = Depends(get_db),
 ):
     """Reserve inventory for an order."""
@@ -80,7 +80,7 @@ def reserve_inventory(
 @router.post("/inventory/release", response_model=InventoryResponse)
 def release_reservation(
     reservation: InventoryReserve,
-    current_user: User = Depends(get_current_vendor_api),
+    current_user: UserContext = Depends(get_current_vendor_api),
     db: Session = Depends(get_db),
 ):
     """Release reserved inventory (cancel order)."""
@@ -94,7 +94,7 @@ def release_reservation(
 @router.post("/inventory/fulfill", response_model=InventoryResponse)
 def fulfill_reservation(
     reservation: InventoryReserve,
-    current_user: User = Depends(get_current_vendor_api),
+    current_user: UserContext = Depends(get_current_vendor_api),
     db: Session = Depends(get_db),
 ):
     """Fulfill reservation (complete order, remove from stock)."""
@@ -108,7 +108,7 @@ def fulfill_reservation(
 @router.get("/inventory/product/{product_id}", response_model=ProductInventorySummary)
 def get_product_inventory(
     product_id: int,
-    current_user: User = Depends(get_current_vendor_api),
+    current_user: UserContext = Depends(get_current_vendor_api),
     db: Session = Depends(get_db),
 ):
     """Get inventory summary for a product."""
@@ -123,7 +123,7 @@ def get_vendor_inventory(
     limit: int = Query(100, ge=1, le=1000),
     location: str | None = Query(None),
     low_stock: int | None = Query(None, ge=0),
-    current_user: User = Depends(get_current_vendor_api),
+    current_user: UserContext = Depends(get_current_vendor_api),
     db: Session = Depends(get_db),
 ):
     """Get all inventory for vendor."""
@@ -143,7 +143,7 @@ def get_vendor_inventory(
 def update_inventory(
     inventory_id: int,
     inventory_update: InventoryUpdate,
-    current_user: User = Depends(get_current_vendor_api),
+    current_user: UserContext = Depends(get_current_vendor_api),
     db: Session = Depends(get_db),
 ):
     """Update inventory entry."""
@@ -157,7 +157,7 @@ def update_inventory(
 @router.delete("/inventory/{inventory_id}", response_model=InventoryMessageResponse)
 def delete_inventory(
     inventory_id: int,
-    current_user: User = Depends(get_current_vendor_api),
+    current_user: UserContext = Depends(get_current_vendor_api),
     db: Session = Depends(get_db),
 ):
     """Delete inventory entry."""
@@ -177,7 +177,7 @@ def get_inventory_transactions(
     limit: int = Query(50, ge=1, le=200),
     product_id: int | None = Query(None, description="Filter by product"),
     transaction_type: str | None = Query(None, description="Filter by type"),
-    current_user: User = Depends(get_current_vendor_api),
+    current_user: UserContext = Depends(get_current_vendor_api),
     db: Session = Depends(get_db),
 ):
     """
@@ -210,7 +210,7 @@ def get_inventory_transactions(
 def get_product_transaction_history(
     product_id: int,
     limit: int = Query(50, ge=1, le=200),
-    current_user: User = Depends(get_current_vendor_api),
+    current_user: UserContext = Depends(get_current_vendor_api),
     db: Session = Depends(get_db),
 ):
     """
@@ -234,7 +234,7 @@ def get_product_transaction_history(
 )
 def get_order_transaction_history(
     order_id: int,
-    current_user: User = Depends(get_current_vendor_api),
+    current_user: UserContext = Depends(get_current_vendor_api),
     db: Session = Depends(get_db),
 ):
     """