Multi-Architecture Backend Builds, Admin Meta-Entity Cleanup Tooling, and Test/Stability Fixes

This backend release bundles several internal improvements that reached the QA environment. Container images are now built for both Intel/AMD (amd64) and ARM (arm64) architectures, a new internal admin tool lets operations safely review and permanently remove Organizations, Departments, and Contacts, and a broad round of test repairs and small bug fixes hardens the platform's reliability.

The Docker build previously produced images for a single CPU architecture, which limits where the backend can run and complicates deployment onto ARM-based infrastructure. Separately, there was no safe, auditable way for administrators to clean up obsolete master-data records (organizations, departments, contacts) and their many dependent links. Finally, a large portion of the automated test suite was failing, which obscured real regressions and slowed delivery.

• Deployments become more flexible and portable: the same release can run on both Intel/AMD and ARM servers without separate builds.
• Operations teams gain an internal Admin Portal page to search, inspect, and (with confirmation) permanently delete master-data entities, including a dry-run preview that shows exactly what would be removed before anything is deleted.
• A few latent backend bugs are fixed (notably an admin circuit-breaker reset that previously crashed), and a restored test suite improves confidence in future releases. No end-user-facing application screens change.

Grounded in the diff (41 files, +1501/-393):

• Multi-arch CI build (.github/workflows/docker-ecr.yml): replaced single-platform docker build/docker push with docker buildx build --platform linux/amd64,linux/arm64 --push across both build jobs.
• New MetaEntityDeletionService (~549 lines): FK-ordered, multi-step hard delete for Organization/Department/Contact MetaEntities with dry-run preview, scoped per-tenant unlink (only deletes the entity when no tenant links remain), and TOCTOU-safe SELECT ... FOR UPDATE row locking; uses projection-write bypass.
• Admin API + UI: new GET /meta-entities (search/type/tenant filters, pagination), GET /meta-entities/{id} (detail with tenant links), and DELETE /meta-entities/{id} (with dry_run and tenant_id params); new meta_entities.html admin page plus a nav link; all guarded by get_admin_user.
• Bug fixes: admin circuit-breaker reset now calls breaker.reset() instead of mutating internal state (fixes a crash); POST /status-transitions/validate-bulk response_model loosened to allow complex error responses; stale import paths repaired (bulk_selection_service, mcp_server) after model moves to dms.*/identity.*; type-hint modernization (Optional[X] to X | None, from __future__ import annotations) in database.py and autoscale service.
• Tests: repaired ~76 integration test failures and the live (dev-API) test suite — factory fixes (table/column/enum corrections), CSRF/workspace headers, corrected endpoint paths, and admin-client fixtures. pyrightconfig.json added to .gitignore.

The highest-risk component is the permanent (hard) deletion of master-data entities and their dependents — irreversible if misused. Mitigations already in place: the endpoints require admin authentication, a dry_run mode previews affected rows before any change, deletion is FK-ordered with row locking to avoid partial/corrupt states, and a per-tenant scoped unlink avoids deleting shared entities still linked elsewhere. The multi-arch build change affects the deployment pipeline and should be validated by a successful CI build/push to ECR. Most remaining changes are tests, type hints, and import fixes with low runtime risk.

• Confirm CI produces and pushes a multi-arch image (amd64 + arm64) to ECR and that the pushed manifest lists both platforms.
• In the Admin Portal, exercise the Meta Entities page: search/filter by name, ID, type, and tenant; verify list pagination and detail view (tenant links shown correctly).
• Verify deletion safety: run DELETE with dry_run=true and confirm the preview lists affected rows without changing data; verify scoped delete with tenant_id only severs that tenant's link when other links remain, and full delete only removes the entity when no links remain. Confirm non-admins are rejected.
• Regression-check the admin circuit-breaker reset endpoint (no crash) and POST /status-transitions/validate-bulk error responses.
• Run the integration and live test suites and confirm they pass.