restructure: flatten workspace nesting, move devcontainer to root

- backend/workspaces/backend/ → backend/
- backend/workspaces/frontend/ → frontend/
- backend/.devcontainer/ + .vscode/ → repo root (where VS Code expects them)
- loose scripts/SQL files → scripts/
- replace nested git repo with single repo at project root
- update docker-compose.yml build context and devcontainer.json path
- add root .gitignore

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/api_tests/Admin-Auth.http

@@ -0,0 +1,31 @@
+### 1. Einen "Gast" User erstellen (Muss vom Admin gemacht werden)
+# Wir lassen groupIds leer -> Der User hat KEINE Rechte
+POST http://localhost:8080/api/admin/users
+Authorization: Basic admin admin123
+Content-Type: application/json
+
+{
+  "username": "Gast_User",
+  "email": "gast@test.de",
+  "initialPassword": "gast",
+  "groupIds": []
+}
+
+### 2. POSITIV-TEST: Admin darf Admin-Endpunkt aufrufen -> Sollte 200 OK sein
+GET http://localhost:8080/api/admin/users
+Authorization: Basic admin admin123
+
+### 3. NEGATIV-TEST: Gast darf KEINEN Admin-Endpunkt aufrufen -> Sollte 403 Forbidden sein
+GET http://localhost:8080/api/admin/users
+Authorization: Basic Gast_User gast
+
+### 4. ABER: Gast darf normale Dokumenten-API nutzen (sofern er eingeloggt ist) -> 200 OK
+GET http://localhost:8080/api/documents/upload
+Authorization: Basic Gast_User gast
+# (Gibt 405 Method Not Allowed zurück, weil es ein POST Endpunkt ist, 
+# aber das beweist, dass Auth geklappt hat. Bei Auth-Fehler käme 401/403)
+
+###Groups
+#GET
+GET http://localhost:8080/api/admin/tags
+Authorization: Basic admin admin123

backend/api_tests/Document.http

@@ -0,0 +1,23 @@
+### 1. Upload Test (MIT AUTH)
+POST http://localhost:8080/api/documents/upload
+Authorization: Basic admin admin123
+Content-Type: multipart/form-data; boundary=boundary
+
+--boundary
+Content-Disposition: form-data; name="file"; filename="scan_79.pdf"
+Content-Type: application/pdf
+
+< ./demo.pdf
+--boundary--
+
+### 2. Excel Import Test (MIT AUTH)
+POST http://localhost:8080/api/documents/import-excel?overwrite=true
+Authorization: Basic admin admin123
+Content-Type: multipart/form-data; boundary=boundary2
+
+--boundary2
+Content-Disposition: form-data; name="file"; filename="metadata.xlsx"
+Content-Type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
+
+< ./metadata.xlsx
+--boundary2--

backend/api_tests/User.http

@@ -0,0 +1,17 @@
+### Schritt 1: Gruppen IDs herausfinden (als Admin)
+GET http://localhost:8080/api/admin/groups
+Authorization: Basic admin admin123
+
+### Schritt 2: Einen neuen User "Onkel_Heinz" anlegen
+POST http://localhost:8080/api/admin/users
+Authorization: Basic admin admin123
+Content-Type: application/json
+
+{
+  "username": "Onkel_Heinz",
+  "email": "heinz@familie.de",
+  "initialPassword": "geheim",
+  "groupIds": [
+    "26f33481-b68a-410d-852b-a081ca9ae930"
+  ]
+}