feat(core) : RBAC #344 - API Platform Permission en lecture seule

- Expose l'entite Permission via ApiResource (GetCollection + Get uniquement)
- Serialisation limitee au groupe permission:read (id, code, label, module, orphan)
- Securite temporaire is_granted('ROLE_ADMIN'), a remplacer par
  is_granted('core.permissions.view') au ticket #345
- Filtres : SearchFilter exact sur module, BooleanFilter sur orphan
- Configure api_platform.mapping.paths pour que le compile pass AP decouvre
  les ApiResource/ApiFilter declares dans src/Module/Core/Domain/Entity
- Ajoute symfony/browser-kit et symfony/http-client en dev pour les tests
  fonctionnels API Platform, plus KERNEL_CLASS dans phpunit.dist.xml
- Tests fonctionnels PermissionApiTest : collection, get item, filtres
  module et orphan, 405 sur POST, 401 non authentifie, 403 non-admin

src/Module/Core/Domain/Entity/Permission.php

@@ -4,10 +4,33 @@ declare(strict_types=1);
 
 namespace App\Module\Core\Domain\Entity;
 
+use ApiPlatform\Doctrine\Orm\Filter\BooleanFilter;
+use ApiPlatform\Doctrine\Orm\Filter\SearchFilter;
+use ApiPlatform\Metadata\ApiFilter;
+use ApiPlatform\Metadata\ApiResource;
+use ApiPlatform\Metadata\Get;
+use ApiPlatform\Metadata\GetCollection;
 use App\Module\Core\Infrastructure\Doctrine\DoctrinePermissionRepository;
 use Doctrine\ORM\Mapping as ORM;
 use InvalidArgumentException;
+use Symfony\Component\Serializer\Attribute\Groups;
 
+#[ApiResource(
+    operations: [
+        new GetCollection(
+            normalizationContext: ['groups' => ['permission:read']],
+            // TODO ticket #345 : remplacer par is_granted('core.permissions.view')
+            security: "is_granted('ROLE_ADMIN')",
+        ),
+        new Get(
+            normalizationContext: ['groups' => ['permission:read']],
+            // TODO ticket #345 : remplacer par is_granted('core.permissions.view')
+            security: "is_granted('ROLE_ADMIN')",
+        ),
+    ],
+)]
+#[ApiFilter(SearchFilter::class, properties: ['module' => 'exact'])]
+#[ApiFilter(BooleanFilter::class, properties: ['orphan'])]
 #[ORM\Entity(repositoryClass: DoctrinePermissionRepository::class)]
 #[ORM\Table(name: 'permission')]
 #[ORM\UniqueConstraint(name: 'uniq_permission_code', columns: ['code'])]
@@ -18,18 +41,23 @@ class Permission
     #[ORM\Id]
     #[ORM\GeneratedValue]
     #[ORM\Column]
+    #[Groups(['permission:read'])]
     private ?int $id = null;
 
     #[ORM\Column(length: 255)]
+    #[Groups(['permission:read'])]
     private string $code;
 
     #[ORM\Column(length: 255)]
+    #[Groups(['permission:read'])]
     private string $label;
 
     #[ORM\Column(length: 100)]
+    #[Groups(['permission:read'])]
     private string $module;
 
     #[ORM\Column(options: ['default' => false])]
+    #[Groups(['permission:read'])]
     private bool $orphan = false;
 
     /**