feat(permissions): admin role/permission matrix + Gate::before super-admin

Phase 1 (additive, doesn't touch existing checks):
- Gate::before grants everything to holders of 'manage all' (the Admin role),
  robustly (returns true/null, never false; swallows missing-permission).
- New RolePermissionManager Livewire component + view at /admin/permissions:
  editable Roles x Permissions matrix (toggle saves instantly), create/delete
  roles, create/delete permissions. Admin role and 'manage all' are protected.
- Link to the screen from /admin/users header.
Roles are editable from the UI as chosen.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

resources/views/admin/users.blade.php

@@ -5,10 +5,15 @@
                 {{ __('Users') }}
             </h2>
             
-            <a href="{{ route('admin.users.create') }}" class="btn btn-primary btn-sm gap-1" wire:navigate>
-                <x-heroicon-o-plus class="w-4 h-4" /> {{ __('New user') }}
-            </a>
-            
+            <div class="flex items-center gap-2">
+                <a href="{{ route('admin.permissions') }}" class="btn btn-outline btn-sm gap-1" wire:navigate>
+                    <x-heroicon-o-shield-check class="w-4 h-4" /> {{ __('Permissions') }}
+                </a>
+                <a href="{{ route('admin.users.create') }}" class="btn btn-primary btn-sm gap-1" wire:navigate>
+                    <x-heroicon-o-plus class="w-4 h-4" /> {{ __('New user') }}
+                </a>
+            </div>
+
         </div>
     </x-slot>