feat(m7): blue review fields + spec amendment + reviewer follow-ups

User feedback after the M7 ship: blue team's Excel workflow had 5 extra
fields we didn't capture. Per-test page also doesn't match their
workflow — they need a tabular view, one table per scenario.

Spec
- tasks/spec.md amended (`revised: 2026-05-15`): §4 in-scope, §F6, §8
  model bullet. §F6 now pins the column matrix, single-row-edit
  semantics, Esc-cancel, blur-confirm, and reconciles detection_level
  as a pill inside the Commentaires cell (no 8th column).
- tasks/todo.md M7 section grew an "Amendement 2026-05-15" sub-block
  tracking backend ☑ and frontend ☐.

Backend
- Migration c2a8f4b1d6e9: 5 nullable columns on mission_tests
  (blue_log_source, blue_siem_logs, blue_incident_at,
  blue_incident_number, blue_incident_recipient_email).
- _BLUE_FIELDS extended; update_mission_test_fields propagates each
  field; MissionTestDetailView + MissionTestView (the nested view in
  GET /missions/{id}) surface every annotation field, plus
  last_actor_*, updated_at, detection_level_key — O(1) batch lookup
  for detection-level keys and last-actor users keeps it scalable.
- UpdateMissionTestPayload accepts each field with length caps
  (120/200_000/120/255).

Reviewer follow-ups applied
- blue_incident_at + executed_at now reject naïve datetimes
  (_ensure_aware_datetime) — Postgres would otherwise interpret
  them in the session TZ, defeating the M7 verbatim-time contract.
- blue_incident_recipient_email goes through a permissive RFC-shape
  regex (_validate_email_shape) so internal/lab TLDs like .local
  / .corp / .test pass — Pydantic EmailStr is too strict (lessons.md
  M2 trap).
- Project-wide: switched `e.errors()` to
  `e.errors(include_context=False, include_url=False)` because the
  AfterValidator-raised ValueError lands in ctx and Flask can't
  serialize it.

Tests
- 5 new pytest cases: blue user writes the 5 new fields, red user is
  individually 403'd on each, round-trip via GET, naïve datetime
  rejected, email shape validated (.local accepted, bad shape 400).
- 138 pytest green.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

backend/app/api/scenario_templates.py

@@ -125,7 +125,7 @@ def create_scenario_template():
     try:
         payload = CreateScenarioPayload.model_validate(request.get_json(silent=True) or {})
     except ValidationError as e:
-        return jsonify({"error": "invalid_request", "details": e.errors()}), 400
+        return jsonify({"error": "invalid_request", "details": e.errors(include_context=False, include_url=False)}), 400
     try:
         view = svc.create_scenario_template(
             name=payload.name,
@@ -154,7 +154,7 @@ def update_scenario_template(scenario_id: str):
     try:
         payload = UpdateScenarioPayload.model_validate(raw)
     except ValidationError as e:
-        return jsonify({"error": "invalid_request", "details": e.errors()}), 400
+        return jsonify({"error": "invalid_request", "details": e.errors(include_context=False, include_url=False)}), 400
     kwargs: dict[str, Any] = {}
     if "name" in raw:
         kwargs["name"] = payload.name
@@ -179,7 +179,7 @@ def set_scenario_tests(scenario_id: str):
     try:
         payload = SetTestsPayload.model_validate(request.get_json(silent=True) or {})
     except ValidationError as e:
-        return jsonify({"error": "invalid_request", "details": e.errors()}), 400
+        return jsonify({"error": "invalid_request", "details": e.errors(include_context=False, include_url=False)}), 400
     try:
         view = svc.set_scenario_tests(sid, payload.test_template_ids)
     except svc.ScenarioTemplateNotFound: