refactor: remove deploy.cmd and update Dockerfile for health checks

- Deleted the deploy.cmd script as it was no longer needed.
- Updated Dockerfile to include curl for health checks and added a non-root user for improved security.
- Modified health check command to use curl for better reliability.
- Adjusted docker-compose.test.yml to reflect changes in health check configuration.
- Cleaned up appsettings.json and removed unused configuration properties.
- Removed Resource entity and related requests from the codebase as part of the architectural shift.
- Updated documentation to reflect the removal of hardware binding and related endpoints.

Co-authored-by: Cursor <cursoragent@cursor.com>

scripts/deploy.sh

@@ -0,0 +1,85 @@
+#!/usr/bin/env bash
+# scripts/deploy.sh — Azaion Admin API deployment orchestrator.
+#
+# Usage:
+#   ENV=staging   ./scripts/deploy.sh <sha-tag>
+#   ENV=production ./scripts/deploy.sh <sha-tag>
+#   ./scripts/deploy.sh --rollback           # uses the SHA from previous_tags.env
+#   ./scripts/deploy.sh --help
+#
+# This is the single entry point; do not call the per-step scripts (pull/stop/
+# start/health) directly except from this file.
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+REPO_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
+
+# shellcheck source=./_lib.sh
+. "$SCRIPT_DIR/_lib.sh"
+
+usage() {
+    cat <<'EOF'
+Usage:
+  ENV=staging|production ./scripts/deploy.sh <sha-tag>
+  ./scripts/deploy.sh --rollback
+  ./scripts/deploy.sh --help
+
+Environment:
+  ENV                   Required. "staging" or "production". Selects which
+                        secrets/<env>.env (sops-encrypted) is decrypted.
+  REGISTRY_HOST,
+  REGISTRY_IMAGE        Registry hostname and image path; loaded from
+                        secrets/<env>.public.env unless already set.
+  DEPLOY_*              See .env.example.
+
+Notes:
+  - Run this on the deploy target host (it does not SSH for you in cycle 1).
+  - Requires: docker, sops, age, curl, jq.
+EOF
+}
+
+ROLLBACK=0
+SHA_TAG=""
+for arg in "$@"; do
+    case "$arg" in
+        --help|-h) usage; exit 0 ;;
+        --rollback) ROLLBACK=1 ;;
+        -*) die "Unknown flag: $arg (use --help)" ;;
+        *) SHA_TAG="$arg" ;;
+    esac
+done
+
+require_env ENV
+require_cmd docker sops age curl jq
+
+load_env_overlay "$ENV"
+
+if [[ "$ROLLBACK" -eq 1 ]]; then
+    PREV_FILE="$REPO_ROOT/scripts/.previous_tags.env"
+    [[ -f "$PREV_FILE" ]] || die "No $PREV_FILE — cannot determine rollback target"
+    # shellcheck disable=SC1090
+    . "$PREV_FILE"
+    [[ -n "${PREVIOUS_SHA_TAG:-}" ]] || die "PREVIOUS_SHA_TAG missing in $PREV_FILE"
+    SHA_TAG="$PREVIOUS_SHA_TAG"
+    log_warn "ROLLBACK requested → redeploying $SHA_TAG"
+fi
+
+[[ -n "$SHA_TAG" ]] || die "Missing <sha-tag>. Pass the immutable SHA-tag (e.g. a1b2c3d4e5f6-arm) or use --rollback."
+
+export REGISTRY_TAG="$SHA_TAG"
+
+log_info "Deploy plan"
+log_info "  ENV=$ENV"
+log_info "  REGISTRY_HOST=$REGISTRY_HOST"
+log_info "  REGISTRY_IMAGE=$REGISTRY_IMAGE"
+log_info "  REGISTRY_TAG=$REGISTRY_TAG"
+log_info "  DEPLOY_CONTAINER_NAME=$DEPLOY_CONTAINER_NAME"
+log_info "  DEPLOY_HOST_PORT=$DEPLOY_HOST_PORT"
+
+"$SCRIPT_DIR/pull-images.sh"
+"$SCRIPT_DIR/stop-services.sh"
+"$SCRIPT_DIR/start-services.sh"
+"$SCRIPT_DIR/health-check.sh"
+
+log_info "Deploy succeeded — $REGISTRY_HOST/$REGISTRY_IMAGE:$REGISTRY_TAG is live as $DEPLOY_CONTAINER_NAME"