feat: add service catalog management with policy integration for domain-based resource access control

Add ServiceCatalogItem type and services CRUD API endpoints (list, create, update, delete). Extend Policy type to include services array with domain, upstream_ip, proxy_ip, and ports metadata.

Add ServicesPage component with table view and create/edit modals for managing service definitions. Include service name, domain, proxy, and upstream columns with port parsing logic.

Integrate service selection

backend/internal/db/db.go

@@ -9,3 +9,35 @@ import (
 func Connect(ctx context.Context, databaseURL string) (*pgxpool.Pool, error) {
 	return pgxpool.New(ctx, databaseURL)
 }
+
+func EnsureSchema(ctx context.Context, db *pgxpool.Pool) error {
+	_, err := db.Exec(ctx, `
+		create table if not exists services (
+			id uuid primary key default gen_random_uuid(),
+			name text not null unique,
+			description text not null default '',
+			domain text not null,
+			upstream_ip inet not null,
+			proxy_ip inet not null,
+			ports integer[] not null default '{80,443}',
+			is_active boolean not null default true,
+			created_at timestamptz not null default now(),
+			updated_at timestamptz not null default now(),
+			deleted_at timestamptz
+		);
+
+		create table if not exists policy_services (
+			id uuid primary key default gen_random_uuid(),
+			policy_id uuid not null references policies(id) on delete cascade,
+			service_id uuid not null references services(id) on delete cascade,
+			created_at timestamptz not null default now(),
+			unique(policy_id, service_id)
+		);
+
+		create index if not exists idx_services_domain on services(domain) where deleted_at is null;
+		create unique index if not exists idx_services_domain_unique on services(lower(domain)) where deleted_at is null;
+		create index if not exists idx_policy_services_policy_id on policy_services(policy_id);
+		create index if not exists idx_policy_services_service_id on policy_services(service_id);
+	`)
+	return err
+}