feat: RBAC Admin UI + internal permissions API + auth session enhancements
- admin-ui/: React + Tailwind SPA at /app/ (Dashboard, Users, Roles, Services, Audit)
- rbac-routes.js: POST /api/internal/permissions/user (service-to-service, no auth)
- server.js: /api/whoami endpoint for admin SPA auth via nginx X-Email
- server.js: /auth/session now checks X-Email fallback for Google SSO users
- server.js: SPA catch-all for /app/* routes
- server.js: Trusted IP auth now sets X-Auth-Request-Email response header
- public/index.html: Added Admin Panel link
- 3 ecosystem users registered (Rolf, Victoria, Zaid)
TARS
7dfb0eab66