feat(commercial) : add client sub-resources processors (contacts/addresses/ribs)

Expose les sous-ressources Contacts / Adresses / RIB du repertoire clients
(M1, spec § 4.5) :

- 3 Processors dedies (ClientContactProcessor, ClientAddressProcessor,
  ClientRibProcessor) : normalisation serveur reutilisant ClientFieldNormalizer
  (RG-1.19 capitalize, RG-1.20 telephones chiffres, RG-1.21 emails/billingEmail
  lowercase) + regles metier.
- Operations API Platform :
  - POST /api/clients/{id}/contacts|addresses, PATCH/DELETE /api/client_contacts|addresses/{id}
    (security commercial.clients.manage)
  - POST /api/clients/{id}/ribs, PATCH/DELETE /api/client_ribs/{id}
    (security commercial.clients.accounting.manage)
  - GET item par sous-ressource (lecture unitaire) ; pas de GET collection
    autonome (lecture via le parent, non concernee par la pagination ERP-72).
- Regles de gestion :
  - RG-1.13 : DELETE du dernier RIB d'un client en reglement LCR -> 409.
  - RG-1.14 : DELETE du dernier contact d'un client -> 409 (completude front au M1).
  - RG-1.05 : prenom OU nom du contact obligatoire -> 422.
- Validations deja portees par l'entite et desormais exercees : Assert\Count(min:1)
  sur ClientAddress.sites (RG-1.10), Assert\Regex code postal (RG-1.09),
  Assert\Iban / Assert\Bic sur ClientRib.
- SiteReferenceDenormalizer : resout les IRIs /api/sites vers SiteInterface
  (meme pattern que CategoryReferenceDenormalizer, sans import cross-module).
- Ajout de symfony/intl, requis par Assert\Bic.

Tests : ClientSubResourceApiTest (13 cas) couvrant CRUD, normalisation,
RG-1.13/1.14, gating 403 sur client_ribs sans accounting.manage. Suite back
complete au vert (383 tests).

src/Module/Commercial/Domain/Entity/ClientRib.php

@@ -4,6 +4,13 @@ declare(strict_types=1);
 
 namespace App\Module\Commercial\Domain\Entity;
 
+use ApiPlatform\Metadata\ApiResource;
+use ApiPlatform\Metadata\Delete;
+use ApiPlatform\Metadata\Get;
+use ApiPlatform\Metadata\Link;
+use ApiPlatform\Metadata\Patch;
+use ApiPlatform\Metadata\Post;
+use App\Module\Commercial\Infrastructure\ApiPlatform\State\Processor\ClientRibProcessor;
 use App\Module\Commercial\Infrastructure\Doctrine\DoctrineClientRibRepository;
 use App\Shared\Domain\Attribute\Auditable;
 use App\Shared\Domain\Contract\BlamableInterface;
@@ -16,7 +23,7 @@ use Symfony\Component\Validator\Constraints as Assert;
 /**
  * Coordonnees bancaires d'un client (1:n) — onglet Comptabilite. Au moins un
  * RIB est obligatoire si le type de reglement du client est LCR (RG-1.13,
- * verifie au futur Processor).
+ * verifie au ClientRibProcessor : refus du DELETE du dernier RIB sous LCR).
  *
  * Audit (#[Auditable]) : TOUS les champs sont audites, y compris `iban` et
  * `bic` — AUCUN #[AuditIgnore] (decision Matthieu en revue MR 29/05/2026 :
@@ -25,8 +32,45 @@ use Symfony\Component\Validator\Constraints as Assert;
  *
  * Validation IBAN/BIC : Assert\Iban + Assert\Bic standard Symfony au M1
  * (HP-M2-14 : pas de controle externe banque reelle). Timestampable/Blamable
- * standard. Aucun ApiResource au M1.1 (sous-ressource branchee ulterieurement).
+ * standard.
+ *
+ * Sous-ressource API (ERP-57, spec § 4.5) — gating comptable renforce :
+ *  - POST /api/clients/{clientId}/ribs : creation rattachee au client parent
+ *    (Link toProperty 'client'), security commercial.clients.accounting.manage.
+ *  - PATCH / DELETE /api/client_ribs/{id} : security commercial.clients.accounting.manage.
+ *  - GET /api/client_ribs/{id} : lecture unitaire, security
+ *    commercial.clients.accounting.view (donnees bancaires sensibles). Pas de
+ *    GET collection autonome.
+ * Tout passe par le ClientRibProcessor (RG-1.13 sur DELETE).
  */
+#[ApiResource(
+    operations: [
+        new Get(
+            security: "is_granted('commercial.clients.accounting.view')",
+            normalizationContext: ['groups' => ['client_rib:read']],
+        ),
+        new Post(
+            uriTemplate: '/clients/{clientId}/ribs',
+            uriVariables: [
+                'clientId' => new Link(fromClass: Client::class, toProperty: 'client'),
+            ],
+            security: "is_granted('commercial.clients.accounting.manage')",
+            normalizationContext: ['groups' => ['client_rib:read']],
+            denormalizationContext: ['groups' => ['client_rib:write']],
+            processor: ClientRibProcessor::class,
+        ),
+        new Patch(
+            security: "is_granted('commercial.clients.accounting.manage')",
+            normalizationContext: ['groups' => ['client_rib:read']],
+            denormalizationContext: ['groups' => ['client_rib:write']],
+            processor: ClientRibProcessor::class,
+        ),
+        new Delete(
+            security: "is_granted('commercial.clients.accounting.manage')",
+            processor: ClientRibProcessor::class,
+        ),
+    ],
+)]
 #[ORM\Entity(repositoryClass: DoctrineClientRibRepository::class)]
 #[ORM\Table(name: 'client_rib')]
 #[ORM\Index(name: 'idx_client_rib_client', columns: ['client_id'])]