refactor(directory) : gate report actions via RBAC permissions + guard report deletion

- replace hardcoded ROLE_ADMIN check with usePermissions().can('directory.{clients,prospects}.manage')
- rename misleading isAdmin prop to canManage in CommercialReportTab and ReportDocumentList
- add busy guard on delete confirmation modal to prevent duplicate DELETE on double-click

frontend/modules/directory/components/ReportDocumentList.vue

@@ -15,7 +15,7 @@
                 {{ doc.originalName }}
             </a>
             <MalioButtonIcon
-                v-if="isAdmin"
+                v-if="canManage"
                 icon="mdi:trash-can-outline"
                 button-class="!text-red-600"
                 :aria-label="$t('common.delete')"
@@ -32,7 +32,7 @@
 import type { ReportDocument } from '~/modules/directory/services/dto/report-document'
 import { useReportDocumentService } from '~/modules/directory/services/report-documents'
 
-defineProps<{ documents: ReportDocument[], isAdmin: boolean }>()
+defineProps<{ documents: ReportDocument[], canManage: boolean }>()
 defineEmits<{ delete: [id: number] }>()
 
 const { getDownloadUrl } = useReportDocumentService()