feat: add auto-fetch for missing dependencies from upstream registries

Add auto_fetch parameter to dependency resolution endpoint that fetches
missing dependencies from upstream registries (PyPI) when resolving.

- Add RegistryClient abstraction with PyPIRegistryClient implementation
- Extract fetch_and_cache_pypi_package() for reuse
- Add resolve_dependencies_with_fetch() async function
- Extend MissingDependency schema with fetch_attempted/fetch_error
- Add fetched list to DependencyResolutionResponse
- Add auto_fetch_max_depth config setting (default: 3)
- Remove Usage section from Package page UI
- Add 6 integration tests for auto-fetch functionality

backend/app/config.py

@@ -89,6 +89,11 @@ class Settings(BaseSettings):
     pypi_cache_max_depth: int = 10  # Maximum recursion depth for dependency caching
     pypi_cache_max_attempts: int = 3  # Maximum retry attempts for failed cache tasks
 
+    # Auto-fetch configuration for dependency resolution
+    auto_fetch_dependencies: bool = False  # Server default for auto_fetch parameter
+    auto_fetch_max_depth: int = 3  # Maximum fetch recursion depth to prevent runaway fetching
+    auto_fetch_timeout: int = 300  # Total timeout for auto-fetch resolution in seconds
+
     # JWT Authentication settings (optional, for external identity providers)
     jwt_enabled: bool = False  # Enable JWT token validation
     jwt_secret: str = ""  # Secret key for HS256, or leave empty for RS256 with JWKS