feat(core) : RBAC Task 3 - mutation User (isAdmin + roles RBAC + permissions directes)

- Suppression de la colonne JSON roles (persiste jusqu'a la migration Task 5)
- Ajout is_admin bool (seul levier de bypass RBAC via getRoles())
- Ajout ManyToMany User-Role (EAGER, table user_role)
- Ajout ManyToMany User-Permission directes (EAGER, table user_permission)
- getEffectivePermissions() : union dedupliquee triee, utilisee par le
  futur PermissionVoter (#345)
- getRbacRoles() pour ne pas shadow getRoles() de UserInterface Symfony
- Tests unitaires couvrant derivation getRoles, union, deduplication, tri

Ticket #343 - 3/7 : migration du User vers le modele RBAC relationnel.
Fetch EAGER documente : evite le lazy-load au refresh JWT.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

src/Module/Core/Infrastructure/DataFixtures/AppFixtures.php

@@ -17,21 +17,20 @@ class AppFixtures extends Fixture
 
     public function load(ObjectManager $manager): void
     {
+        // TODO Task 6 : cette fixture sera refactoree pour attacher les entites Role RBAC.
         $admin = new User();
         $admin->setUsername('admin');
-        $admin->setRoles(['ROLE_ADMIN']);
+        $admin->setIsAdmin(true);
         $admin->setPassword($this->passwordHasher->hashPassword($admin, 'admin'));
         $manager->persist($admin);
 
         $alice = new User();
         $alice->setUsername('alice');
-        $alice->setRoles(['ROLE_USER']);
         $alice->setPassword($this->passwordHasher->hashPassword($alice, 'alice'));
         $manager->persist($alice);
 
         $bob = new User();
         $bob->setUsername('bob');
-        $bob->setRoles(['ROLE_USER']);
         $bob->setPassword($this->passwordHasher->hashPassword($bob, 'bob'));
         $manager->persist($bob);