Replace IsAdmin with role-based admin

Switch user admin handling from an AppUser boolean to ASP.NET Identity roles. Removed AppUser.IsAdmin and related configuration/model entries; added migration ReplaceIsAdminWithRoles to copy Users.IsAdmin=true into a persistent admin role and drop the IsAdmin column. CurrentUserResponse now exposes roles (string[]), AuthController returns ordered roles from UserManager, and IdentitySeedService now ensures the admin role exists and assigns/creates an initial admin user in that role. Program.cs registers an Admin-only policy (PolicyNames/RoleNames), adjusts cookie auth events to return 401/403 for API requests, and wires up authorization. Frontend updated to use roles: authSession normalizes roles, adds hasRole and ROLE_ADMIN, router and layout support meta.requiredRoles, and new Forbidden and AdminUsers pages/route are added. codexInfo.md updated to reflect the migration to role-based auth.

API/Controllers/Auth/AppUserController.cs

@@ -1,5 +1,5 @@
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Identity;
+using API.Security;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
 namespace API.Controllers.Auth
@@ -9,10 +9,10 @@ namespace API.Controllers.Auth
     public class AppUserController : ControllerBase
     {
         [HttpGet]
-        [Authorize]
-        public async Task<IActionResult> GetAppUsers()
+        [Authorize(Policy = PolicyNames.AdminOnly)]
+        public IActionResult GetAppUsers()
         {
-            return Ok();
+            return Ok(new { message = "Adminzugriff bestätigt." });
         }
     }
 }