feat: Cookie-Banner ↔ Backend Integration (DSR, Retention, Consent Proof)

Phase 1: Vendor sync from service registry (82+ services → banner vendors)
Phase 2: Category-based retention (marketing=90d, statistics=790d, not hardcoded 365d)
Phase 3: DSR ↔ Banner email linking (link-email, by-email, Art.17 erasure, Art.15/20 export)
Phase 4: Consent sync (Banner → Einwilligungen bridge)
Phase 6: Consent proof (SHA256 config hash + config_version in audit log, Art. 7(1) DSGVO)

New files:
- banner_dsr_service.py — email linking + DSR integration
- vendor_banner_sync.py — service registry → vendor configs
- migration 106 — linked_email, banner_config_hash, consent_version columns

Tests: 20+ new backend tests + 2 Playwright E2E test suites (API + UI)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

backend-compliance/compliance/schemas/banner.py

@@ -76,10 +76,26 @@ class VendorConfigCreate(BaseModel):
     retention_days: int = 365
 
 
+class LinkEmailRequest(BaseModel):
+    """Request body for linking an email to a device fingerprint."""
+    site_id: str
+    device_fingerprint: str
+    email: str
+
+
+class ConsentSyncRequest(BaseModel):
+    """Request body for syncing banner consent to Einwilligungen."""
+    site_id: str
+    device_fingerprint: str
+    email: str
+
+
 __all__ = [
     "ConsentCreate",
     "SiteConfigCreate",
     "SiteConfigUpdate",
     "CategoryConfigCreate",
     "VendorConfigCreate",
+    "LinkEmailRequest",
+    "ConsentSyncRequest",
 ]