feat: add service catalog management with policy integration for domain-based resource access control

Add ServiceCatalogItem type and services CRUD API endpoints (list, create, update, delete). Extend Policy type to include services array with domain, upstream_ip, proxy_ip, and ports metadata.

Add ServicesPage component with table view and create/edit modals for managing service definitions. Include service name, domain, proxy, and upstream columns with port parsing logic.

Integrate service selection

deploy/docker-compose.yml

@@ -89,10 +89,28 @@ services:
       NEXAVPN_UPLINK_INTERFACE: ${NEXAVPN_UPLINK_INTERFACE:-eth0}
       NEXAVPN_ENABLE_MASQUERADE: ${NEXAVPN_ENABLE_MASQUERADE:-true}
       NEXAVPN_BACKEND_HOST: ${NEXAVPN_BACKEND_HOST:-127.0.0.1}
+      NEXAVPN_ACCESS_PROXY_IP: ${NEXAVPN_ACCESS_PROXY_IP:-}
     volumes:
       - ./scripts/gateway-entrypoint.sh:/scripts/gateway-entrypoint.sh:ro
       - gateway-state:/var/lib/nexavpn
 
+  access-proxy:
+    build:
+      context: .
+      dockerfile: access-proxy/Dockerfile
+    depends_on:
+      - backend
+    network_mode: host
+    environment:
+      GATEWAY_BOOTSTRAP_TOKEN: ${GATEWAY_BOOTSTRAP_TOKEN:-nexavpn-gateway-bootstrap}
+      NEXAVPN_GATEWAY_ID: ${NEXAVPN_GATEWAY_ID:-}
+      NEXAVPN_GATEWAY_ID_FILE: /var/lib/nexavpn/gateway-id
+      NEXAVPN_GATEWAY_SYNC_URL: ${NEXAVPN_GATEWAY_SYNC_URL:-http://127.0.0.1:8080/api/v1/gateway-agent}
+      NEXAVPN_ACCESS_PROXY_HTTP_ADDR: ${NEXAVPN_ACCESS_PROXY_HTTP_ADDR:-172.16.0.120:80}
+      NEXAVPN_ACCESS_PROXY_HTTPS_ADDR: ${NEXAVPN_ACCESS_PROXY_HTTPS_ADDR:-172.16.0.120:443}
+    volumes:
+      - gateway-state:/var/lib/nexavpn
+
 volumes:
   postgres-data:
   gateway-state: