feat: refactor role system to is_admin flag, add Badge component, fix native dialogs

- Separate admin identity from role: viewer|model + is_admin boolean flag
- DB migration 0001_is_admin: adds column, migrates former admin role users
- Update ACL helpers, auth session, GraphQL types and all resolvers
- Admin layout guard and header links check is_admin instead of role
- Admin users table: show Admin badge next to name, remove admin from role select
- Admin user edit page: is_admin checkbox toggle
- Install shadcn Badge component; use in admin users table
- Fix duplicate photo keys in adminGetUser resolver
- Replace confirm() in /me recordings with Dialog component

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

packages/backend/src/lib/acl.ts

@@ -1,20 +1,18 @@
 import { GraphQLError } from "graphql";
 import type { Context } from "../graphql/builder";
 
-type UserRole = "viewer" | "model" | "admin";
-
 export function requireAuth(ctx: Context): void {
   if (!ctx.currentUser) throw new GraphQLError("Unauthorized");
 }
 
-export function requireRole(ctx: Context, ...roles: UserRole[]): void {
+export function requireAdmin(ctx: Context): void {
   requireAuth(ctx);
-  if (!roles.includes(ctx.currentUser!.role)) throw new GraphQLError("Forbidden");
+  if (!ctx.currentUser!.is_admin) throw new GraphQLError("Forbidden");
 }
 
 export function requireOwnerOrAdmin(ctx: Context, ownerId: string): void {
   requireAuth(ctx);
-  if (ctx.currentUser!.id !== ownerId && ctx.currentUser!.role !== "admin") {
+  if (ctx.currentUser!.id !== ownerId && !ctx.currentUser!.is_admin) {
     throw new GraphQLError("Forbidden");
   }
 }

packages/backend/src/lib/auth.ts

@@ -3,7 +3,8 @@ import Redis from "ioredis";
 export type SessionUser = {
   id: string;
   email: string;
-  role: "model" | "viewer" | "admin";
+  role: "model" | "viewer";
+  is_admin: boolean;
   first_name: string | null;
   last_name: string | null;
   artist_name: string | null;