feat: add service catalog management with policy integration for domain-based resource access control

Add ServiceCatalogItem type and services CRUD API endpoints (list, create, update, delete). Extend Policy type to include services array with domain, upstream_ip, proxy_ip, and ports metadata.

Add ServicesPage component with table view and create/edit modals for managing service definitions. Include service name, domain, proxy, and upstream columns with port parsing logic.

Integrate service selection

backend/internal/app/app.go

@@ -16,6 +16,7 @@ import (
 	"nexavpn/backend/internal/httpserver"
 	"nexavpn/backend/internal/ipam"
 	"nexavpn/backend/internal/policy"
+	"nexavpn/backend/internal/servicecatalog"
 	"nexavpn/backend/internal/user"
 )
 
@@ -31,12 +32,16 @@ func New(cfg config.Config) (*App, error) {
 	if err != nil {
 		return nil, err
 	}
+	if err := db.EnsureSchema(ctx, pool); err != nil {
+		return nil, err
+	}
 
 	authRepo := auth.NewPGRepository(pool)
 	authService := auth.NewService(authRepo, cfg.JWTSecret, cfg.JWTIssuer, cfg.AccessTokenTTL, cfg.RefreshTokenTTL)
 
 	userService := user.NewService(user.NewPGRepository(pool))
 	groupService := group.NewService(group.NewPGRepository(pool))
+	serviceCatalogService := servicecatalog.NewService(servicecatalog.NewPGRepository(pool))
 	policyService := policy.NewService(policy.NewPGRepository(pool))
 	gatewayService := gateway.NewService(gateway.NewPGRepository(pool))
 	deviceService := device.NewService(device.NewPGRepository(pool), policyService, gatewayService, ipam.NewService())
@@ -47,6 +52,7 @@ func New(cfg config.Config) (*App, error) {
 		User:    user.NewHandler(userService, auditService),
 		Device:  device.NewHandler(deviceService, auditService),
 		Group:   group.NewHandler(groupService, auditService),
+		Service: servicecatalog.NewHandler(serviceCatalogService),
 		Policy:  policy.NewHandler(policyService, auditService),
 		Gateway: gateway.NewHandler(gatewayService, cfg.GatewayBootstrapToken),
 		Audit:   audit.NewHandler(auditService),