M1-T03: unify data layer, models, deps and routes onto single app DB

Collapse the three data layers into one. app/db.py now exposes a single
Base, a cached engine bound to app_database_url with SQLite WAL enabled, and
get_engine/get_session_local/reset_db_caches/get_db_session. Delete
app/auth_db.py, app/poo_db.py and app/models/base.py. All models (auth,
config, public_ip, location, poo) inherit the one Base and register on a
single metadata. Dependencies converge to a single get_db; all routes use it.

Also update the alembic env.py files (app/location/poo) and tests that
imported the removed modules so the suite stays green, and drop the obsolete
test_legacy_style_location_db test whose flow (app reading a separate location
DB) no longer exists. Location/poo Alembic chains, adopt scripts and adoption
tests remain for M1-T04; config fields remain for M1-T05.

pytest 109 passed; ruff clean (pre-existing only); WAL verified; single
Base.metadata holds all seven tables.

tests/test_ticktick.py

@@ -6,7 +6,7 @@ from urllib.parse import parse_qs, urlparse
 import pytest
 from fastapi.testclient import TestClient
 
-from app.auth_db import reset_auth_db_caches
+from app.db import reset_db_caches
 from app.config import Settings, get_settings
 from app.integrations.ticktick import (
     AUTH_SCOPE,
@@ -221,7 +221,7 @@ def test_homeassistant_publish_creates_ticktick_action_task(
     monkeypatch.setenv("TICKTICK_TOKEN", "ticktick-access-token")
     monkeypatch.setenv("HOME_ASSISTANT_ACTION_TASK_PROJECT_ID", "project-123")
     get_settings.cache_clear()
-    reset_auth_db_caches()
+    reset_db_caches()
 
     captured = {"calls": []}
 
@@ -265,7 +265,7 @@ def test_ticktick_auth_start_redirects_authenticated_user(
     monkeypatch.setenv("TICKTICK_CLIENT_ID", "ticktick-client-id")
     monkeypatch.setenv("TICKTICK_CLIENT_SECRET", "ticktick-client-secret")
     get_settings.cache_clear()
-    reset_auth_db_caches()
+    reset_db_caches()
     monkeypatch.setattr("app.integrations.ticktick.secrets.token_hex", lambda _: "state-redirect")
 
     with TestClient(create_app()) as client:
@@ -301,7 +301,7 @@ def test_ticktick_auth_callback_persists_token(
     monkeypatch.setenv("TICKTICK_CLIENT_ID", "ticktick-client-id")
     monkeypatch.setenv("TICKTICK_CLIENT_SECRET", "ticktick-client-secret")
     get_settings.cache_clear()
-    reset_auth_db_caches()
+    reset_db_caches()
     default_auth_state_store.pending_state = "callback-state"
 
     def fake_urlopen(req, timeout):
@@ -342,7 +342,7 @@ def test_ticktick_auth_callback_redirects_on_invalid_state(
     monkeypatch.setenv("TICKTICK_CLIENT_ID", "ticktick-client-id")
     monkeypatch.setenv("TICKTICK_CLIENT_SECRET", "ticktick-client-secret")
     get_settings.cache_clear()
-    reset_auth_db_caches()
+    reset_db_caches()
     default_auth_state_store.pending_state = "expected-state"
 
     with TestClient(create_app()) as client:
@@ -366,7 +366,7 @@ def test_ticktick_auth_callback_redirects_when_token_exchange_fails(
     monkeypatch.setenv("TICKTICK_CLIENT_ID", "ticktick-client-id")
     monkeypatch.setenv("TICKTICK_CLIENT_SECRET", "ticktick-client-secret")
     get_settings.cache_clear()
-    reset_auth_db_caches()
+    reset_db_caches()
     default_auth_state_store.pending_state = "callback-state"
 
     def fake_urlopen(req, timeout):