feat: role-based ACL + admin management UI

Backend:
- Add acl.ts with requireAuth/requireRole/requireOwnerOrAdmin helpers
- Gate premium videos from unauthenticated users in videos query/resolver
- Fix updateVideoPlay to verify ownership before updating
- Add admin mutations: adminListUsers, adminUpdateUser, adminDeleteUser
- Add admin mutations: createVideo, updateVideo, deleteVideo, setVideoModels, adminListVideos
- Add admin mutations: createArticle, updateArticle, deleteArticle, adminListArticles
- Add deleteComment mutation (owner or admin only)
- Add AdminUserListType to GraphQL types
- Fix featured filter on articles query

Frontend:
- Install marked for markdown rendering
- Add /admin/* section with sidebar layout and admin-only guard
- Admin users page: paginated table with search, role filter, inline role change, delete
- Admin videos pages: list, create form, edit form with file upload and model assignment
- Admin articles pages: list, create form, edit form with split-pane markdown editor
- Add admin nav link in header (desktop + mobile) for admin users
- Render article content through marked in magazine detail page
- Add all admin GraphQL service functions to services.ts

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

packages/frontend/src/lib/components/header/header.svelte

@@ -109,6 +109,22 @@
               <span class="sr-only">{$_("header.play")}</span>
             </Button>
 
+            {#if authStatus.user?.role === "admin"}
+              <Button
+                variant="link"
+                size="icon"
+                class={`h-9 w-9 rounded-full p-0 relative text-foreground/80 group ${isActiveLink({ href: "/admin" }) ? "text-foreground" : "hover:text-foreground"}`}
+                href="/admin/users"
+                title="Admin"
+              >
+                <span class="icon-[ri--settings-3-line] h-4 w-4"></span>
+                <span
+                  class={`absolute -bottom-1 left-0 w-0 h-0.5 bg-gradient-to-r from-primary to-accent transition-all duration-300 ${isActiveLink({ href: "/admin" }) ? "w-full" : "group-hover:w-full"}`}
+                ></span>
+                <span class="sr-only">Admin</span>
+              </Button>
+            {/if}
+
             <Separator orientation="vertical" class="mx-1 h-6 bg-border/50" />
 
             <LogoutButton
@@ -265,6 +281,27 @@
             </div>
             <span class="icon-[ri--arrow-right-s-line] h-4 w-4 text-muted-foreground"></span>
           </a>
+
+          {#if authStatus.user?.role === "admin"}
+            <a
+              class={`flex items-center gap-3 rounded-xl border px-4 py-3 transition-all duration-200 group hover:border-primary/30 hover:bg-primary/5 ${isActiveLink({ href: "/admin" }) ? "border-primary/40 bg-primary/8" : "border-border/40 bg-card/50"}`}
+              href="/admin/users"
+              onclick={closeMenu}
+            >
+              <div
+                class="flex h-8 w-8 items-center justify-center rounded-lg bg-muted/60 group-hover:bg-primary/10 transition-colors"
+              >
+                <span
+                  class="icon-[ri--settings-3-line] h-4 w-4 text-muted-foreground group-hover:text-primary transition-colors"
+                ></span>
+              </div>
+              <div class="flex flex-1 flex-col gap-0.5">
+                <span class="text-sm font-medium text-foreground">Admin</span>
+                <span class="text-xs text-muted-foreground">Manage content</span>
+              </div>
+              <span class="icon-[ri--arrow-right-s-line] h-4 w-4 text-muted-foreground"></span>
+            </a>
+          {/if}
         {:else}
           <a
             class={`flex items-center gap-3 rounded-xl border px-4 py-3 transition-all duration-200 group hover:border-primary/30 hover:bg-primary/5 ${isActiveLink({ href: "/login" }) ? "border-primary/40 bg-primary/8" : "border-border/40 bg-card/50"}`}