test(user) : couvre le soft-delete + désarchivage admin et corrige les retours de review

- ajoute des tests fonctionnels (archive au DELETE, exclusion de la
  collection, listing/désarchivage admin, anti-auto-archivage) et un test
  unitaire du ArchivedUserChecker
- expose un filtre BooleanFilter `archived` + bypass admin dans
  ExcludeArchivedUserExtension pour lister les archivés (?archived=true)
- rend `archived` modifiable par un admin (groupe user:write + ApiProperty
  ROLE_ADMIN) → désarchivage possible via PATCH /api/users/{id}
- RestoreMissingUsersCommand : ne compte que les insertions réelles
  (ON CONFLICT DO NOTHING n'est plus comptabilisé à tort)
- relève memory_limit des tests à 512M (boot sérialiseur API Platform)

src/Module/Core/Domain/Entity/User.php

@@ -4,6 +4,8 @@ declare(strict_types=1);
 
 namespace App\Module\Core\Domain\Entity;
 
+use ApiPlatform\Doctrine\Orm\Filter\BooleanFilter;
+use ApiPlatform\Metadata\ApiFilter;
 use ApiPlatform\Metadata\ApiProperty;
 use ApiPlatform\Metadata\ApiResource;
 use ApiPlatform\Metadata\Delete;
@@ -64,6 +66,9 @@ use Symfony\Component\Serializer\Attribute\Groups;
     ],
     denormalizationContext: ['groups' => ['user:write']],
 )]
+// Archived users are hidden from the default /users collection by
+// ExcludeArchivedUserExtension; an admin can still list them with ?archived=true.
+#[ApiFilter(BooleanFilter::class, properties: ['archived'])]
 #[Auditable]
 #[ORM\Entity(repositoryClass: DoctrineUserRepository::class)]
 #[ORM\Table(name: '`user`')]
@@ -118,7 +123,8 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface, SharedU
      * from selectable user lists.
      */
     #[ORM\Column(options: ['default' => false])]
-    #[Groups(['me:read', 'user:list'])]
+    #[ApiProperty(security: "is_granted('ROLE_ADMIN')")]
+    #[Groups(['me:read', 'user:list', 'user:write'])]
     private bool $archived = false;
 
     // --- HR / absence management fields (readable only by an admin or the user themselves) ---