refactor(backend): extract config and speedtest services (phase 4)

This commit continues the backend refactoring initiative by extracting
configuration management and API speedtest logic into dedicated service
layers, completing phase 4 of the architectural improvement plan.

## Changes

### New Service Layers
- **ConfigService** (`services/config.rs`): Consolidates all config
  import/export, backup management, and live sync operations
  - `create_backup()`: Creates timestamped backups with auto-cleanup
  - `export_config_to_path()`: Exports config to specified path
  - `load_config_for_import()`: Loads and validates imported config
  - `import_config_from_path()`: Full import with state update
  - `sync_current_providers_to_live()`: Syncs current providers to live files
  - Private helpers for Claude/Codex-specific sync logic

- **SpeedtestService** (`services/speedtest.rs`): Encapsulates endpoint
  latency testing with proper validation and error handling
  - `test_endpoints()`: Tests multiple URLs concurrently
  - URL validation now unified in service layer
  - Includes 3 unit tests for edge cases (empty list, invalid URLs, timeout clamping)

### Command Layer Refactoring
- Move all import/export commands to `commands/import_export.rs`
- Commands become thin wrappers: parse params → call service → return JSON
- Maintain `spawn_blocking` for I/O operations (phase 5 optimization)
- Lock acquisition happens after I/O completes (minimize contention)

### File Organization
- Delete: `import_export.rs`, `speedtest.rs` (root-level modules)
- Create: `commands/import_export.rs`, `services/config.rs`, `services/speedtest.rs`
- Update: Module declarations in `lib.rs`, `commands/mod.rs`, `services/mod.rs`

### Test Updates
- Update 20 integration tests in `import_export_sync.rs` to use `ConfigService` APIs
- All existing test cases pass without modification to test logic
- Add 3 new unit tests for `SpeedtestService`:
  - `sanitize_timeout_clamps_values`: Boundary value testing
  - `test_endpoints_handles_empty_list`: Empty input handling
  - `test_endpoints_reports_invalid_url`: Invalid URL error reporting

## Benefits

1. **Improved Testability**: Service methods are `pub fn`, easily callable
   from tests without Tauri runtime
2. **Better Separation of Concerns**: Business logic isolated from
   command/transport layer
3. **Enhanced Maintainability**: Related operations grouped in cohesive
   service structs
4. **Consistent Error Handling**: Services return `Result<T, AppError>`,
   commands convert to `Result<T, String>`
5. **Performance**: I/O operations run in `spawn_blocking`, locks released
   before file operations

## Testing

- ✅ All 43 tests passing (7 unit + 36 integration)
- ✅ `cargo fmt --check` passes
- ✅ `cargo clippy -- -D warnings` passes (zero warnings)

## Documentation

Updated `BACKEND_REFACTOR_PLAN.md` to reflect completion of config and
speedtest service extraction, marking phase 4 substantially complete.

Co-authored-by: Claude Code <code@anthropic.com>

src-tauri/tests/import_export_sync.rs

@@ -3,8 +3,8 @@ use std::{fs, path::Path, sync::RwLock};
 use tauri::async_runtime;
 
 use cc_switch_lib::{
-    create_backup, get_claude_settings_path, import_config_from_path, read_json_file,
-    sync_current_providers_to_live, AppError, AppState, AppType, MultiAppConfig, Provider,
+    get_claude_settings_path, read_json_file, AppError, AppState, AppType, ConfigService,
+    MultiAppConfig, Provider,
 };
 
 #[path = "support.rs"]
@@ -41,7 +41,7 @@ fn sync_claude_provider_writes_live_settings() {
     manager.providers.insert("prov-1".to_string(), provider);
     manager.current = "prov-1".to_string();
 
-    sync_current_providers_to_live(&mut config).expect("sync live settings");
+    ConfigService::sync_current_providers_to_live(&mut config).expect("sync live settings");
 
     let settings_path = get_claude_settings_path();
     assert!(
@@ -110,7 +110,7 @@ fn sync_codex_provider_writes_auth_and_config() {
     manager.providers.insert("codex-1".to_string(), provider);
     manager.current = "codex-1".to_string();
 
-    sync_current_providers_to_live(&mut config).expect("sync codex live");
+    ConfigService::sync_current_providers_to_live(&mut config).expect("sync codex live");
 
     let auth_path = cc_switch_lib::get_codex_auth_path();
     let config_path = cc_switch_lib::get_codex_config_path();
@@ -266,7 +266,7 @@ fn sync_codex_provider_missing_auth_returns_error() {
     manager.providers.insert(provider.id.clone(), provider);
     manager.current = "codex-missing-auth".to_string();
 
-    let err = sync_current_providers_to_live(&mut config)
+    let err = ConfigService::sync_current_providers_to_live(&mut config)
         .expect_err("sync should fail when auth missing");
     match err {
         cc_switch_lib::AppError::Config(msg) => {
@@ -595,7 +595,7 @@ fn create_backup_skips_missing_file() {
     let config_path = home.join(".cc-switch").join("config.json");
 
     // 未创建文件时应返回空字符串，不报错
-    let result = create_backup(&config_path).expect("create backup");
+    let result = ConfigService::create_backup(&config_path).expect("create backup");
     assert!(
         result.is_empty(),
         "expected empty backup id when config file missing"
@@ -612,7 +612,7 @@ fn create_backup_generates_snapshot_file() {
     fs::create_dir_all(&config_dir).expect("prepare config dir");
     fs::write(&config_path, r#"{"version":2}"#).expect("write config file");
 
-    let backup_id = create_backup(&config_path).expect("backup success");
+    let backup_id = ConfigService::create_backup(&config_path).expect("backup success");
     assert!(
         !backup_id.is_empty(),
         "backup id should contain timestamp information"
@@ -651,7 +651,8 @@ fn create_backup_retains_only_latest_entries() {
 
     std::thread::sleep(std::time::Duration::from_secs(1));
 
-    let latest_backup_id = create_backup(&config_path).expect("create backup with cleanup");
+    let latest_backup_id =
+        ConfigService::create_backup(&config_path).expect("create backup with cleanup");
     assert!(
         !latest_backup_id.is_empty(),
         "backup id should not be empty when config exists"
@@ -731,8 +732,8 @@ fn import_config_from_path_overwrites_state_and_creates_backup() {
         config: RwLock::new(MultiAppConfig::default()),
     };
 
-    let backup_id =
-        import_config_from_path(&import_path, &app_state).expect("import should succeed");
+    let backup_id = ConfigService::import_config_from_path(&import_path, &app_state)
+        .expect("import should succeed");
     assert!(
         !backup_id.is_empty(),
         "expected backup id when original config exists"
@@ -787,7 +788,8 @@ fn import_config_from_path_invalid_json_returns_error() {
         config: RwLock::new(MultiAppConfig::default()),
     };
 
-    let err = import_config_from_path(&invalid_path, &app_state).expect_err("import should fail");
+    let err = ConfigService::import_config_from_path(&invalid_path, &app_state)
+        .expect_err("import should fail");
     match err {
         AppError::Json { .. } => {}
         other => panic!("expected json error, got {other:?}"),
@@ -805,7 +807,7 @@ fn import_config_from_path_missing_file_produces_io_error() {
         config: RwLock::new(MultiAppConfig::default()),
     };
 
-    let err = import_config_from_path(missing_path, &app_state)
+    let err = ConfigService::import_config_from_path(missing_path, &app_state)
         .expect_err("import should fail for missing file");
     match err {
         AppError::Io { .. } => {}