Backend, sync, infra, docs: ETag, API versioning, k8s, web scaffold, Android 16, domain stubs

- Backend: ShallowEtagHeaderFilter for /api/v1/*, API-VERSIONING.md, README (tenant, CORS, Flyway, ETag)
- k8s: backend-deployment.yaml (Deployment, Service, Secret/ConfigMap)
- Web: scaffold with directory pull, 304 handling, touch-friendly UI
- Android 16: ANDROID-16-TARGET.md; BuildConfig STUN/signaling, SMOAApplication configures InfrastructureManager
- Domain: CertificateManager revocation stub, ReportService signReports, ZeroTrust/ThreatDetection minimal docs
- TODO.md and IMPLEMENTATION_STATUS.md updated; communications README for endpoint config

Co-authored-by: Cursor <cursoragent@cursor.com>

docs/architecture/ARCHITECTURE.md

@@ -20,11 +20,11 @@ SMOA provides secure mobile operations capabilities for government and military
 - Domain-specific operations (law enforcement, military, judicial, intelligence)
 
 ### System Context
-SMOA operates in a secure mobile environment with:
-- **Operating System:** Android (enterprise-hardened builds)
-- **Device Class:** Foldable smartphones with biometric hardware support
-- **Deployment Model:** Government-furnished or government-approved devices under MDM/UEM control
-- **Connectivity:** Online, offline, and degraded modes
+SMOA operates in a secure mobile and multi-platform environment with:
+- **Primary client:** Android (enterprise-hardened builds); primary device class foldable smartphones with biometric hardware support.
+- **Additional clients:** iOS (last three generations: iOS 15, 16, 17) and Web Dapp (Desktop/Laptop, including touch devices); same backend API contract.
+- **Deployment Model:** Government-furnished or government-approved devices under MDM/UEM control where applicable; Web Dapp served over HTTPS with CORS.
+- **Connectivity:** Online, offline, and degraded modes; backend supports all clients via REST and configurable CORS.
 
 ---