feat(notifications): add delivery service with dedupe and redaction (PR 3 of #254)

[Pragati5-DEBUG]

Part 3 of 5 for #254 — notification delivery service (webhook, dedupe, redaction, history).

Description

This is PR 3 of 5 for #254 (notification channels for high/critical findings).

PR 1 added database schema and models.
PR 2 added API routes for rules and history.
This PR adds the notification delivery service that actually evaluates rules and sends alerts.

What this PR adds:

backend/secuscan/notification_service.py — delivery logic
Severity matching — only notifies when finding severity meets the rule threshold
Dedupe — skips if the same rule already successfully notified the same finding
Redaction — alert payloads redact secrets (tokens, API keys, etc.) before send
Webhook — HTTP POST to configured URLs via httpx
Email — placeholder channel (logs intent, records success; SMTP not implemented yet)
History — writes every attempt to notification_history (success/failed + error)
httpx added to backend/requirements.txt
7 unit tests in testing/backend/unit/test_notification_service.py

Planned execution order:

DB schema + models ✅ merged
API routes ✅ merged
Delivery service ← this PR
Executor hook (trigger after scan)
Settings UI
Hi @utksh1 — continuing the split from #360. Please review when you can.

Type of Change

New feature (non-breaking change which adds functionality)

Checklist

My code follows the code style of this project.

I have performed a self-review of my own code.

My changes generate no new warnings.

[utksh1]

Reviewed the notification delivery service, redaction/dedupe behavior, and unit coverage. The implementation is scoped, has green CI, and is acceptable for merge after updating against current main.