Add Terraform AWS infrastructure and enhanced CI/CD pipeline (FRE-4574)

- Terraform modules: VPC, ECS Fargate, RDS PostgreSQL, ElastiCache Redis, S3, Secrets Manager, CloudWatch
- Multi-environment support: staging and production configs
- ECS auto-scaling: CPU-based scaling with configurable min/max
- CI/CD: pnpm caching, Docker Buildx, Trivy security scanning, Terraform plan on PR
- Deploy: ECS service updates with automatic rollback on health check failure
- Backup: automated RDS snapshots, S3 versioning, ElastiCache snapshots
- Monitoring: CloudWatch dashboards, CPU/memory/5xx alarms
- Rollback script for manual service rollback
- Infrastructure documentation with architecture overview

infra/scripts/rollback.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+set -euo pipefail
+
+ENVIRONMENT=${1:-staging}
+SERVICE=${2:-all}
+
+CLUSTER="shieldai-${ENVIRONMENT}"
+
+echo "Rolling back services in cluster: $CLUSTER"
+
+SERVICES="api darkwatch spamshield voiceprint"
+if [ "$SERVICE" != "all" ]; then
+  SERVICES="$SERVICE"
+fi
+
+for svc in $SERVICES; do
+  echo "Rolling back $svc..."
+  aws ecs update-service \
+    --cluster "$CLUSTER" \
+    --service "${CLUSTER}-${svc}" \
+    --rollback \
+    --no-cli-auto-prompt
+
+  echo "Waiting for $svc to stabilize..."
+  aws ecs wait services-stable \
+    --cluster "$CLUSTER" \
+    --services "${CLUSTER}-${svc}"
+
+  echo "$svc rolled back successfully"
+done
+
+echo "Rollback complete for $SERVICES"