feat(absences) : avancement module absences + suppression du portail client

Deux lots regroupés sur la branche feat/absence-management.

Suppression complète du portail client :
- retire ROLE_CLIENT (security.yaml) ; User::getRoles() ajoute toujours ROLE_USER
- supprime l'entité ClientTicket (+ repo, states, relations), User.client et
  User.allowedProjects, NotificationService, ProjectAllowedExtension, le bloc
  ROLE_CLIENT de MailAccessChecker
- front : pages /portal, layout portal, composants client-ticket/,
  AdminClientTicketTab, services/dto/i18n/docs associés
- fixtures : retire les users client-liot / client-acme
- migration Version20260522110000 (drop client_ticket, user_allowed_projects,
  colonnes liées ; task_document.task_id -> NOT NULL)
- tests : retire les cas obsolètes testant le blocage des clients sur le mail

Module gestion des absences (WIP) :
- entités / migrations (Version20260521160000, Version20260522090000)
- pages absences.vue / team-absences.vue, composants frontend/components/absence/
- services front, AccrueLeaveCommand, PublicHolidayController

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

src/Controller/Absence/PublicHolidayController.php

@@ -0,0 +1,46 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Controller\Absence;
+
+use App\Service\PublicHolidayProvider;
+use DateTimeImmutable;
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Component\HttpFoundation\JsonResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Routing\Attribute\Route;
+use Symfony\Component\Security\Http\Attribute\IsGranted;
+
+/**
+ * Exposes French public holidays so the front (calendar, date pickers) can
+ * display them — the dates are computed server-side in pure PHP.
+ */
+class PublicHolidayController extends AbstractController
+{
+    public function __construct(
+        private readonly PublicHolidayProvider $holidayProvider,
+    ) {}
+
+    #[Route('/api/public_holidays', name: 'public_holidays', methods: ['GET'], priority: 1)]
+    #[IsGranted('ROLE_USER')]
+    public function __invoke(Request $request): JsonResponse
+    {
+        $fromRaw = (string) $request->query->get('from', '');
+        $toRaw   = (string) $request->query->get('to', '');
+
+        if ('' !== $fromRaw && '' !== $toRaw) {
+            $fromYear = (int) new DateTimeImmutable($fromRaw)->format('Y');
+            $toYear   = (int) new DateTimeImmutable($toRaw)->format('Y');
+        } else {
+            $fromYear = $toYear = (int) ($request->query->get('year') ?: date('Y'));
+        }
+
+        $holidays = [];
+        for ($year = $fromYear; $year <= $toYear; ++$year) {
+            $holidays += $this->holidayProvider->getHolidays($year);
+        }
+
+        return $this->json($holidays);
+    }
+}

src/Controller/TaskDocumentDownloadController.php

@@ -7,10 +7,8 @@ namespace App\Controller;
 use App\Entity\TaskDocument;
 use Doctrine\ORM\EntityManagerInterface;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
-use Symfony\Bundle\SecurityBundle\Security;
 use Symfony\Component\HttpFoundation\BinaryFileResponse;
 use Symfony\Component\HttpFoundation\ResponseHeaderBag;
-use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 use Symfony\Component\Routing\Attribute\Route;
 use Symfony\Component\Security\Http\Attribute\IsGranted;
@@ -19,7 +17,6 @@ class TaskDocumentDownloadController extends AbstractController
 {
     public function __construct(
         private readonly EntityManagerInterface $entityManager,
-        private readonly Security $security,
         private readonly string $uploadDir,
     ) {}
 
@@ -33,14 +30,6 @@ class TaskDocumentDownloadController extends AbstractController
             throw new NotFoundHttpException('Document not found.');
         }
 
-        // ROLE_CLIENT can only download documents from their own tickets
-        if (!$this->security->isGranted('ROLE_ADMIN') && !$this->security->isGranted('ROLE_USER')) {
-            $ticket = $document->getClientTicket();
-            if (null === $ticket || $ticket->getSubmittedBy() !== $this->security->getUser()) {
-                throw new AccessDeniedHttpException('You do not have access to this document.');
-            }
-        }
-
         $filePath = $this->uploadDir.'/'.$document->getFileName();
 
         if (!file_exists($filePath)) {