refactor: Clean Architecture mit Repository Pattern, Controllern und DTOs

- 15 Controller-Klassen ersetzen Minimal APIs in Program.cs
- Repository Pattern mit Interfaces + Implementierungen (Project, Task, Activity, User)
- AuthService verwendet jetzt IUserRepository statt direktem DbContext-Zugriff
- SecurityHeadersMiddleware als eigenständige Middleware-Klasse
- PathSecurityHelper als gemeinsamer Helper für Pfadvalidierung
- DTOs in eigenem Namespace Nexus.Api.DTOs
- EF-Entities in Nexus.Api.Data (vorher Nexus.Api.Domain)
- Program.cs auf DI-Registrierung + Middleware reduziert
- Alle 43 Endpoints unverändert erhalten
- Build + 3/3 Tests erfolgreich

backend/Controllers/SecurityController.cs

@@ -0,0 +1,29 @@
+using Microsoft.AspNetCore.Mvc;
+
+namespace Nexus.Api.Controllers;
+
+[ApiController]
+[Route("api/v1/security")]
+public class SecurityController(IConfiguration config) : ControllerBase
+{
+    [HttpGet("status")]
+    public IResult GetStatus()
+    {
+        var jwtIssuer = config["Jwt:Issuer"] ?? "nexus";
+        var jwtAudience = config["Jwt:Audience"] ?? "nexus-web";
+        var refreshDays = config.GetValue<int>("Jwt:RefreshTokenExpirationDays", 7);
+        var accessTokenMinutes = config.GetValue<int>("Jwt:AccessTokenExpirationMinutes", 30);
+
+        return Results.Ok(new
+        {
+            authMethod = "JWT + PBKDF2",
+            tokenConfig = new { refreshTokenDays = refreshDays, accessTokenMinutes },
+            rateLimit = "5 login attempts per minute per IP",
+            passwordPolicy = "Minimum 10 characters",
+            cookieConfig = new { httpOnly = true, secure = true, sameSite = "Strict" },
+            twoFactorEnabled = false,
+            passkeyEnabled = false,
+            checkedAt = DateTimeOffset.UtcNow
+        });
+    }
+}