(feature) Add staff-only JSON inspection API

Expose lightweight Django JSON endpoints for hosts, snapshots, and backup runs
using the existing admin/staff authentication boundary. Include filters for
snapshot and run inspection, return resolved snapshot base metadata, and document
the new /api/ entrypoint.

Add endpoint tests for authentication, host summaries, snapshot lineage payloads,
and run filtering.

src/pobsync_server/urls.py

@@ -3,7 +3,13 @@ from __future__ import annotations
 from django.contrib import admin
 from django.urls import path
 
+from pobsync_backend import api
+
 
 urlpatterns = [
+    path("api/", api.api_index),
+    path("api/hosts/", api.hosts),
+    path("api/snapshots/", api.snapshots),
+    path("api/runs/", api.runs),
     path("admin/", admin.site.urls),
 ]