test(backend): add pytest baseline (B0.8)

Unit (SQLite, pure logic):
- test_templating.py: Jinja2 sandbox, regex_extract, strict-undefined,
  sandbox blocks attribute-access escape, output blob 10 MB cap.
- test_password.py: bcrypt hash + verify, empty / malformed handling.
- test_soc_token.py: 256-bit url-safe token + bcrypt verification.
- test_rbac_matrix.py: F11 invariants (lead ⊇ operator, SOC restricted
  to detection + report-read, audit_read & ttp_promote lead-only).
- test_connector_factory.py: register / build / double-register-rejected,
  TaskStatus terminal helper, Mythic mapping vs empty Home mapping.
- test_audit_hash.py: SHA-256 chain helper is deterministic and reacts
  to prev_hash / metadata changes.

Integration scaffold (testcontainers Postgres):
- tests/integration/conftest.py spins up postgres:16-alpine, monkeypatches
  MIMIC_DATABASE_URL, creates a Flask app + db.create_all.
- test_healthz.py: end-to-end smoke through the Flask test client.

38 unit tests pass; ruff clean.

backend/tests/conftest.py

@@ -0,0 +1,24 @@
+"""Shared pytest fixtures for unit-level (SQLite) tests."""
+
+from __future__ import annotations
+
+from collections.abc import Iterator
+
+import pytest
+
+
+@pytest.fixture(autouse=True)
+def _ensure_test_env(monkeypatch: pytest.MonkeyPatch) -> Iterator[None]:
+    """Force MIMIC_ENV=testing so settings load is predictable."""
+    monkeypatch.setenv("MIMIC_ENV", "testing")
+    monkeypatch.setenv("MIMIC_SECRET_KEY", "test-secret-not-real")
+    monkeypatch.setenv("MIMIC_LOG_JSON", "false")
+    monkeypatch.setenv("MIMIC_LOG_LEVEL", "WARNING")
+    # Pydantic Settings is cached via get_settings(); reset the cache.
+    from mimic import config as cfg  # noqa: PLC0415  (must follow env mutation)
+
+    cfg.get_settings.cache_clear()
+    try:
+        yield
+    finally:
+        cfg.get_settings.cache_clear()