feat: add multi-user RBAC with admin/viewer roles and user management

Add complete multi-user support with role-based access control:

Backend:
- Add users CRUD endpoints (GET/POST/PUT/DELETE /api/users) with admin-only guards
- Add display_name column to users table with ALTER TABLE migration
- Fix auth to use session-based user identity (not hardcoded 'admin')
- Add POST /api/auth/logout to revoke server-side sessions
- Add require_admin() and extract_session() helpers for clean RBAC
- Guard all mutating endpoints (clients, providers, models, settings, backup)

Frontend:
- Add Users management page with create/edit/reset-password/delete modals
- Add role gating: hide edit/delete buttons for viewers on clients, providers, models
- Settings page hides auth tokens and admin actions for viewers
- Logout now revokes server session before clearing localStorage
- Sidebar shows real display_name and formatted role (Administrator/Viewer)
- Fix sidebar header: single logo with onerror fallback, renamed to 'LLM Proxy'
- Add badge and btn-action CSS classes for role pills and action buttons
- Bump cache-bust to v=7

static/js/pages/providers.js

@@ -84,9 +84,11 @@ class ProvidersPage {
                     <button class="btn btn-secondary btn-sm" onclick="window.providersPage.testProvider('${provider.id}')">
                         <i class="fas fa-vial"></i> Test
                     </button>
+                    ${window._userRole === 'admin' ? `
                     <button class="btn btn-primary btn-sm" onclick="window.providersPage.configureProvider('${provider.id}')">
                         <i class="fas fa-cog"></i> Config
                     </button>
+                    ` : ''}
                 </div>
             </div>
         `;