feat(permissions) : add role-based UI guards and readonly mode for viewers

- Add usePermissions composable (isAdmin, canEdit, canView)
- Password-protected profile login with modal on profiles page
- Disable all form fields for ROLE_VIEWER across edit/create pages
- Show navigation buttons (Modifier/Consulter) for all roles, hide delete for viewers
- Add readonly prop to ModelTypeForm for category pages
- Disable modal fields (sites, constructeurs) for viewers
- Guard /admin routes in middleware

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

app/pages/machines/index.vue

@@ -118,7 +118,7 @@
               <button class="btn btn-sm btn-outline" @click.stop="editMachine(machine)">
                 Modifier
               </button>
-              <button class="btn btn-sm btn-error" @click.stop="confirmDeleteMachine(machine)">
+              <button v-if="canEdit" class="btn btn-sm btn-error" @click.stop="confirmDeleteMachine(machine)">
                 Supprimer
               </button>
               <NuxtLink :to="`/machine/${machine.id}`" class="btn btn-sm btn-primary">
@@ -144,6 +144,7 @@ import IconLucideMapPin from '~icons/lucide/map-pin'
 import IconLucideSettings2 from '~icons/lucide/settings-2'
 import IconLucideTag from '~icons/lucide/tag'
 
+const { canEdit } = usePermissions()
 const { machines, loading, loadMachines, deleteMachine } = useMachines()
 const { sites, loadSites } = useSites()
 const { machineTypes, loadMachineTypes } = useMachineTypesApi()

app/pages/machines/new.vue

@@ -30,6 +30,7 @@
                   type="text"
                   placeholder="Ex: Presse hydraulique #1"
                   class="input input-bordered"
+                  :disabled="!canEdit"
                   required
                 >
               </div>
@@ -38,7 +39,7 @@
                 <label class="label" for="machine-field-site">
                   <span class="label-text">Site</span>
                 </label>
-                <select id="machine-field-site" v-model="c.newMachine.siteId" class="select select-bordered" required>
+                <select id="machine-field-site" v-model="c.newMachine.siteId" class="select select-bordered" :disabled="!canEdit" required>
                   <option value="">
                     Sélectionner un site
                   </option>
@@ -58,6 +59,7 @@
                   v-model="c.newMachine.typeMachineId"
                   :options="c.machineTypes"
                   :loading="c.machineTypesLoading"
+                  :disabled="!canEdit"
                   placeholder="Rechercher un type…"
                   empty-text="Aucun type trouvé"
                   :option-label="c.machineTypeLabel"
@@ -74,6 +76,7 @@
                   type="text"
                   placeholder="Ex: PRESS-001"
                   class="input input-bordered"
+                  :disabled="!canEdit"
                 >
               </div>
             </div>
@@ -171,7 +174,7 @@
               <button
                 type="submit"
                 class="btn btn-primary"
-                :disabled="!c.canCreateMachine || c.submitting"
+                :disabled="!canEdit || !c.canCreateMachine || c.submitting"
                 :class="{ loading: c.submitting }"
               >
                 Créer la machine
@@ -194,4 +197,5 @@ import RequirementProductSelector from '~/components/machine/create/RequirementP
 import MachineCreatePreview from '~/components/machine/create/MachineCreatePreview.vue'
 
 const c = proxyRefs(useMachineCreatePage())
+const { canEdit } = usePermissions()
 </script>