feat: 分层 RBAC 权限管理系统

后端:
- 新增 Role / RolePermission 实体（自动 seed 系统角色）
- PermissionService——通过 isAdmin / TenantMember 链路解析用户权限
- @Permission() 装饰器 + PermissionsGuard 守卫
- /api/permissions 和 /api/roles REST API
- UserController 内联 role 检查迁移到 @Permission()
- PermissionModule 全局注册

前端:
- usePermissions hook——获取当前用户权限集
- PermissionGate 组件级门控
- PermissionSettingsView——角色列表+权限矩阵编辑页面
- SettingsView 新增「权限管理」Tab（仅 admin 可见）
- 权限预览（26 项，7 分类）

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

server/src/auth/permission/permission.module.ts

@@ -0,0 +1,20 @@
+import { Module } from '@nestjs/common';
+import { TypeOrmModule } from '@nestjs/typeorm';
+import { Role } from './role.entity';
+import { RolePermission } from './role-permission.entity';
+import { TenantMember } from '../../tenant/tenant-member.entity';
+import { User } from '../../user/user.entity';
+import { PermissionService } from './permission.service';
+import { PermissionController } from './permission.controller';
+import { RoleController } from './role.controller';
+import { PermissionsGuard } from './permission.guard';
+
+@Module({
+  imports: [
+    TypeOrmModule.forFeature([Role, RolePermission, TenantMember, User]),
+  ],
+  controllers: [PermissionController, RoleController],
+  providers: [PermissionService, PermissionsGuard],
+  exports: [PermissionService, PermissionsGuard],
+})
+export class PermissionModule {}