refactor: extract request context utilities into dedicated package

Move ClaimsFromContext and MustUserID helpers from httpserver to new requestctx package for better separation of concerns. Update all imports across auth, device, policy, and user handlers. Fix Dockerfile to copy go.sum and run go mod tidy before download.

backend/internal/user/handler.go

@@ -9,7 +9,7 @@ import (
 
 	"github.com/nexavpn/nexavpn/backend/internal/apiutil"
 	"github.com/nexavpn/nexavpn/backend/internal/audit"
-	"github.com/nexavpn/nexavpn/backend/internal/httpserver"
+	"github.com/nexavpn/nexavpn/backend/internal/requestctx"
 )
 
 type Handler struct {
@@ -47,7 +47,7 @@ func (h *Handler) Create(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if claims, ok := httpserver.ClaimsFromContext(r.Context()); ok {
+	if claims, ok := requestctx.ClaimsFromContext(r.Context()); ok {
 		_ = h.audit.Record(r.Context(), audit.Entry{
 			ActorUserID: &claims.UserID,
 			EntityType:  "user",
@@ -73,7 +73,7 @@ func (h *Handler) Disable(w http.ResponseWriter, r *http.Request) {
 		apiutil.Error(w, http.StatusBadRequest, "user_disable_failed", "unable to disable user")
 		return
 	}
-	if claims, ok := httpserver.ClaimsFromContext(r.Context()); ok {
+	if claims, ok := requestctx.ClaimsFromContext(r.Context()); ok {
 		_ = h.audit.Record(r.Context(), audit.Entry{
 			ActorUserID: &claims.UserID,
 			EntityType:  "user",
@@ -96,7 +96,7 @@ func (h *Handler) Enable(w http.ResponseWriter, r *http.Request) {
 		apiutil.Error(w, http.StatusBadRequest, "user_enable_failed", "unable to enable user")
 		return
 	}
-	if claims, ok := httpserver.ClaimsFromContext(r.Context()); ok {
+	if claims, ok := requestctx.ClaimsFromContext(r.Context()); ok {
 		_ = h.audit.Record(r.Context(), audit.Entry{
 			ActorUserID: &claims.UserID,
 			EntityType:  "user",