Align FastAPI app with current best practices

[rednafi]

Summary

• align OAuth2/JWT flow with current FastAPI docs: relative token URL, typed Token return, dummy password hash verification, and PyJWT/pwdlib pattern
• use explicit credentialed CORS settings, add a CORS preflight test, and document the env var
• add a Pydantic response model for the dummy APIs, simplify main_func/submodule code, and move logger setup into the app factory
• enable Ruff pyupgrade checks and tighten Docker build context ignores

Verification

• make lint-check
• make test
• uv run --python 3.13 pytest -vv
• uv lock --check
• uv build
• docker compose up -d --build
• curl smoke tests for /, /docs, /token, /api_a/22, /openapi.json, and CORS preflight
• GitHub push CI green for unit tests and container build