feat: natural language query + production hardening

Features:
- Add /api/ask endpoint for plain-language audit log queries
- Regex-based time/entity extraction (no LLM required for parsing)
- LLM-powered narrative summarisation with OpenAI-compatible APIs
- Graceful fallback to structured bullet lists when LLM is unavailable
- Frontend ask panel with markdown rendering and cited events

Production:
- Harden Dockerfile: non-root user, gunicorn+uvicorn workers
- Add docker-compose.prod.yml with internal networks and health checks
- Add nginx reverse proxy with security headers
- MongoDB no longer exposed externally in production

Tests:
- 29 new tests for ask parsing, query building, and endpoint behaviour
- Fix conftest monkeypatch for routes.ask events collection

Bump version to 1.1.0

backend/models/api.py

@@ -70,3 +70,25 @@ class AlertRuleResponse(BaseModel):
     severity: str
     conditions: list[dict]
     message: str
+
+
+class AskRequest(BaseModel):
+    question: str
+
+
+class AskEventRef(BaseModel):
+    id: str | None = None
+    timestamp: str | None = None
+    operation: str | None = None
+    actor_display: str | None = None
+    target_displays: list[str] | None = None
+    display_summary: str | None = None
+    service: str | None = None
+    result: str | None = None
+
+
+class AskResponse(BaseModel):
+    answer: str
+    events: list[AskEventRef]
+    query_info: dict
+    llm_used: bool