refactor(client): replace hardcoded API URLs with ApiRoutes constants

Centralizes all API endpoint strings in ApiRoutes for consistency and
easier maintenance. Adds Hubs class for SignalR endpoints. Removes
completed plan files.

NEW/src/JdeScoping.Client/Auth/AuthStateProvider.cs

@@ -1,5 +1,6 @@
 using System.Net.Http.Json;
 using System.Security.Claims;
+using JdeScoping.Core.ApiContracts;
 using JdeScoping.Core.Models.Auth;
 using Microsoft.AspNetCore.Components.Authorization;
 using Microsoft.Extensions.Logging;
@@ -63,7 +64,7 @@ public class AuthStateProvider : AuthenticationStateProvider, IAuthStateProvider
     {
         try
         {
-            var response = await _httpClient.GetAsync("api/auth/me");
+            var response = await _httpClient.GetAsync(ApiRoutes.Auth.Me);
             if (response.IsSuccessStatusCode)
             {
                 return await response.Content.ReadFromJsonAsync<UserInfoDto>();

NEW/src/JdeScoping.Client/Components/DataSync/NewSyncRequestDialog.razor.cs

@@ -1,4 +1,5 @@
 using System.Net.Http.Json;
+using JdeScoping.Core.ApiContracts;
 using JdeScoping.Core.ViewModels;
 using Microsoft.AspNetCore.Components;
 using Radzen;
@@ -88,7 +89,7 @@ public partial class NewSyncRequestDialog : ComponentBase
                 SyncType = _selectedSyncType!
             };
 
-            var response = await HttpClient.PostAsJsonAsync("api/manual-sync", createDto);
+            var response = await HttpClient.PostAsJsonAsync(ApiRoutes.ManualSync.Base, createDto);
 
             if (response.IsSuccessStatusCode)
             {

NEW/src/JdeScoping.Client/Services/AuthService.cs

@@ -1,5 +1,6 @@
 using System.Net.Http.Json;
 using JdeScoping.Client.Auth;
+using JdeScoping.Core.ApiContracts;
 using JdeScoping.Core.Models.Auth;
 
 namespace JdeScoping.Client.Services;
@@ -43,7 +44,7 @@ public class AuthService : IAuthService
             var request = new EncryptedLoginRequest(encryptedData);
 
             // Send encrypted request
-            var response = await _httpClient.PostAsJsonAsync("api/auth/login", request);
+            var response = await _httpClient.PostAsJsonAsync(ApiRoutes.Auth.Login, request);
 
             var result = await response.Content.ReadFromJsonAsync<LoginResultModel>();
             if (result is null)
@@ -72,7 +73,7 @@ public class AuthService : IAuthService
     {
         try
         {
-            await _httpClient.PostAsync("api/auth/logout", null);
+            await _httpClient.PostAsync(ApiRoutes.Auth.Logout, null);
         }
         catch
         {

NEW/src/JdeScoping.Client/Services/CryptoService.cs

@@ -1,5 +1,6 @@
 using System.Net.Http.Json;
 using System.Text.Json;
+using JdeScoping.Core.ApiContracts;
 using JdeScoping.Core.Models.Auth;
 using Microsoft.JSInterop;
 
@@ -57,7 +58,7 @@ public class CryptoService : ICryptoService, IAsyncDisposable
             if (_cachedPublicKeyPem is not null)
                 return _cachedPublicKeyPem;
 
-            var response = await _httpClient.GetFromJsonAsync<PublicKeyResponse>("api/auth/public-key")
+            var response = await _httpClient.GetFromJsonAsync<PublicKeyResponse>(ApiRoutes.Auth.PublicKey)
                 ?? throw new InvalidOperationException("Failed to fetch public key from server");
 
             _cachedPublicKeyPem = response.PublicKeyPem;

NEW/src/JdeScoping.Client/Services/HubConnectionService.cs

@@ -1,3 +1,4 @@
+using JdeScoping.Core.ApiContracts;
 using JdeScoping.Core.ViewModels;
 using Microsoft.AspNetCore.Components;
 using Microsoft.AspNetCore.SignalR.Client;
@@ -50,7 +51,7 @@ public class HubConnectionService : IHubConnectionService, IAsyncDisposable
         // In Blazor WebAssembly, the browser automatically sends cookies with requests
         // to the same origin, so we don't need to configure any special auth options
         _hubConnection = new HubConnectionBuilder()
-            .WithUrl(_navigationManager.ToAbsoluteUri("/hubs/status"))
+            .WithUrl(_navigationManager.ToAbsoluteUri(ApiRoutes.Hubs.Status))
             .WithAutomaticReconnect([
                 TimeSpan.Zero,
                 TimeSpan.FromSeconds(2),

NEW/src/JdeScoping.Client/Services/RefreshStatusService.cs

@@ -1,4 +1,5 @@
 using System.Net.Http.Json;
+using JdeScoping.Core.ApiContracts;
 using JdeScoping.Core.Models.Infrastructure;
 
 namespace JdeScoping.Client.Services;
@@ -30,10 +31,8 @@ public class RefreshStatusService : IRefreshStatusService
     {
         try
         {
-            var minDtStr = minDt.ToString("yyyy-MM-dd");
-            var maxDtStr = maxDt.ToString("yyyy-MM-dd");
             var result = await _httpClient.GetFromJsonAsync<List<DataUpdateDto>>(
-                $"api/refresh-status?minDT={minDtStr}&maxDT={maxDtStr}");
+                ApiRoutes.RefreshStatus.Get(minDt, maxDt));
             return result ?? [];
         }
         catch (Exception ex)

NEW/src/JdeScoping.Core/ApiContracts/ApiRoutes.cs

@@ -192,4 +192,13 @@ public static class ApiRoutes
         /// <summary>Route to reload pipelines.</summary>
         public const string Reload = "api/pipelines/reload";
     }
+
+    /// <summary>
+    /// Routes for SignalR hub endpoints.
+    /// </summary>
+    public static class Hubs
+    {
+        /// <summary>Route for the status hub (real-time search updates).</summary>
+        public const string Status = "/hubs/status";
+    }
 }