refactor: remove deploy.cmd and update Dockerfile for health checks

- Deleted the deploy.cmd script as it was no longer needed.
- Updated Dockerfile to include curl for health checks and added a non-root user for improved security.
- Modified health check command to use curl for better reliability.
- Adjusted docker-compose.test.yml to reflect changes in health check configuration.
- Cleaned up appsettings.json and removed unused configuration properties.
- Removed Resource entity and related requests from the codebase as part of the architectural shift.
- Updated documentation to reflect the removal of hardware binding and related endpoints.

Co-authored-by: Cursor <cursoragent@cursor.com>

_docs/02_document/modules/services_detection_class_service.md

@@ -0,0 +1,47 @@
+# Module: Azaion.Services.DetectionClassService
+
+## Purpose
+CRUD service for `DetectionClass` rows backing the admin Detection Classes table. Wraps `IDbFactory.RunAdmin` calls and translates request DTOs into entity writes.
+
+> **Cycle 1 (2026-05-13) origin** — added by AZ-513.
+
+## Public Interface
+
+### IDetectionClassService
+| Method | Signature | Description |
+|--------|-----------|-------------|
+| `Create` | `Task<DetectionClass> Create(CreateDetectionClassRequest request, CancellationToken ct)` | Inserts a new class; returns the entity with the DB-assigned `Id` |
+| `Update` | `Task<DetectionClass?> Update(int id, UpdateDetectionClassRequest request, CancellationToken ct)` | Partial-merge update; returns `null` when the id doesn't exist |
+| `Delete` | `Task<bool> Delete(int id, CancellationToken ct)` | Returns `true` when at least one row was deleted; `false` when the id wasn't present |
+
+## Internal Logic
+- **Create**: instantiates `DetectionClass`, sets `CreatedAt = DateTime.UtcNow`, calls `db.InsertWithInt32IdentityAsync`, assigns the returned id back to the entity, returns it.
+- **Update**: loads the row by id under the admin connection, returns `null` if missing. Otherwise applies a null-aware merge: each non-null property on the request overwrites the entity, then `db.UpdateAsync(existing)` persists the row. The route returns 404 when the service returns null.
+- **Delete**: `db.DetectionClasses.DeleteAsync(x => x.Id == id, ct)`; returns `deleted > 0`. The route returns 404 when the service returns false.
+
+All writes go through `IDbFactory.RunAdmin` (admin DB connection / role).
+
+## Dependencies
+- `IDbFactory` (`Azaion.Common.Database.IDbFactory`)
+- `DetectionClass` entity
+- `CreateDetectionClassRequest`, `UpdateDetectionClassRequest`
+- `LinqToDB` extension methods (`FirstOrDefaultAsync`, `InsertWithInt32IdentityAsync`, `UpdateAsync`, `DeleteAsync`)
+
+## Consumers
+- `Azaion.AdminApi.Program` — `POST /classes`, `PATCH /classes/{id:int}`, `DELETE /classes/{id:int}` handlers
+
+## Data Models
+Operates on `DetectionClass` via `AzaionDb.DetectionClasses`.
+
+## Configuration
+None.
+
+## External Integrations
+PostgreSQL via `IDbFactory.RunAdmin`.
+
+## Security
+- All endpoints that delegate to this service require `apiAdminPolicy` at the route level.
+- Validators run before the service (no extra defensive validation inside the service).
+
+## Tests
+- `e2e/Azaion.E2E/Tests/DetectionClassesTests.cs` — covers AZ-513 ACs 1–9