feat: add multi-user RBAC with admin/viewer roles and user management

Add complete multi-user support with role-based access control:

Backend:
- Add users CRUD endpoints (GET/POST/PUT/DELETE /api/users) with admin-only guards
- Add display_name column to users table with ALTER TABLE migration
- Fix auth to use session-based user identity (not hardcoded 'admin')
- Add POST /api/auth/logout to revoke server-side sessions
- Add require_admin() and extract_session() helpers for clean RBAC
- Guard all mutating endpoints (clients, providers, models, settings, backup)

Frontend:
- Add Users management page with create/edit/reset-password/delete modals
- Add role gating: hide edit/delete buttons for viewers on clients, providers, models
- Settings page hides auth tokens and admin actions for viewers
- Logout now revokes server session before clearing localStorage
- Sidebar shows real display_name and formatted role (Administrator/Viewer)
- Fix sidebar header: single logo with onerror fallback, renamed to 'LLM Proxy'
- Add badge and btn-action CSS classes for role pills and action buttons
- Bump cache-bust to v=7

src/dashboard/models.rs

@@ -152,9 +152,14 @@ pub(super) async fn handle_get_models(
 
 pub(super) async fn handle_update_model(
     State(state): State<DashboardState>,
+    headers: axum::http::HeaderMap,
     Path(id): Path<String>,
     Json(payload): Json<UpdateModelRequest>,
 ) -> Json<ApiResponse<serde_json::Value>> {
+    if let Err(e) = super::auth::require_admin(&state, &headers).await {
+        return e;
+    }
+
     let pool = &state.app_state.db_pool;
 
     // Find provider_id for this model in registry