refactor(api): introduce UserContext schema for API dependency injection

Replace direct User database model imports in API endpoints with UserContext
schema, following the architecture principle that API routes should not import
database models directly.

Changes:
- Create UserContext schema in models/schema/auth.py with from_user() factory
- Update app/api/deps.py to return UserContext from all auth dependencies
- Add _get_user_model() helper for functions needing User model access
- Update 58 API endpoint files to use UserContext instead of User
- Add noqa comments for 4 legitimate edge cases (enums, internal helpers)

Architecture validation: 0 errors (down from 61), 11 warnings remain

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

app/api/v1/vendor/team.py

@@ -24,7 +24,7 @@ from app.api.deps import (
 from app.core.database import get_db
 from app.core.permissions import VendorPermissions
 from app.services.vendor_team_service import vendor_team_service
-from models.database.user import User
+from models.schema.auth import UserContext
 from models.schema.team import (
     BulkRemoveRequest,
     BulkRemoveResponse,
@@ -54,7 +54,7 @@ def list_team_members(
     request: Request,
     include_inactive: bool = False,
     db: Session = Depends(get_db),
-    current_user: User = Depends(
+    current_user: UserContext = Depends(
         require_vendor_permission(VendorPermissions.TEAM_VIEW.value)
     ),
 ):
@@ -96,7 +96,7 @@ def invite_team_member(
     invitation: TeamMemberInvite,
     request: Request,
     db: Session = Depends(get_db),
-    current_user: User = Depends(require_vendor_owner),  # Owner only
+    current_user: UserContext = Depends(require_vendor_owner),  # Owner only
 ):
     """
     Invite a new team member to the vendor.
@@ -220,7 +220,7 @@ def get_team_member(
     user_id: int,
     request: Request,
     db: Session = Depends(get_db),
-    current_user: User = Depends(
+    current_user: UserContext = Depends(
         require_vendor_permission(VendorPermissions.TEAM_VIEW.value)
     ),
 ):
@@ -250,7 +250,7 @@ def update_team_member(
     update_data: TeamMemberUpdate,
     request: Request,
     db: Session = Depends(get_db),
-    current_user: User = Depends(require_vendor_owner),  # Owner only
+    current_user: UserContext = Depends(require_vendor_owner),  # Owner only
 ):
     """
     Update a team member's role or status.
@@ -293,7 +293,7 @@ def remove_team_member(
     user_id: int,
     request: Request,
     db: Session = Depends(get_db),
-    current_user: User = Depends(require_vendor_owner),  # Owner only
+    current_user: UserContext = Depends(require_vendor_owner),  # Owner only
 ):
     """
     Remove a team member from the vendor.
@@ -325,7 +325,7 @@ def bulk_remove_team_members(
     bulk_remove: BulkRemoveRequest,
     request: Request,
     db: Session = Depends(get_db),
-    current_user: User = Depends(require_vendor_owner),
+    current_user: UserContext = Depends(require_vendor_owner),
 ):
     """
     Remove multiple team members at once.
@@ -369,7 +369,7 @@ def bulk_remove_team_members(
 def list_roles(
     request: Request,
     db: Session = Depends(get_db),
-    current_user: User = Depends(
+    current_user: UserContext = Depends(
         require_vendor_permission(VendorPermissions.TEAM_VIEW.value)
     ),
 ):
@@ -399,7 +399,7 @@ def list_roles(
 def get_my_permissions(
     request: Request,
     permissions: list[str] = Depends(get_user_permissions),
-    current_user: User = Depends(get_current_vendor_api),
+    current_user: UserContext = Depends(get_current_vendor_api),
 ):
     """
     Get current user's permissions in this vendor.
@@ -438,7 +438,7 @@ def get_my_permissions(
 def get_team_statistics(
     request: Request,
     db: Session = Depends(get_db),
-    current_user: User = Depends(
+    current_user: UserContext = Depends(
         require_vendor_permission(VendorPermissions.TEAM_VIEW.value)
     ),
 ):