feat: add super-admin role with admin impersonation support

Add a new super-admin role that can impersonate other admins. Regular
admins retain all existing permissions but cannot impersonate other
admins or promote users to super-admin.

Backend changes:
- Add isSuperAdmin field to users table with default false
- Add isSuperAdmin() check function to auth service
- Update JWT tokens to include isSuperAdmin claim
- Allow super-admins to impersonate other admins
- Add security rules for super-admin role changes

Frontend changes:
- Display "Super Admin" badge with gradient styling
- Add "Super Admin" option to role change modal
- Enable impersonate button for super-admins targeting admins
- Add "Super Admins Only" filter option

Security rules:
- Only super-admins can promote/demote super-admins
- Regular admins cannot promote users to super-admin
- Super-admins cannot demote themselves
- Cannot demote the last super-admin

Co-Authored-By: Claude <noreply@anthropic.com>

drizzle/0004_overrated_havok.sql

@@ -0,0 +1,17 @@
+CREATE TABLE `auto_sync_settings` (
+	`user_id` integer PRIMARY KEY NOT NULL,
+	`lotw_enabled` integer DEFAULT false NOT NULL,
+	`lotw_interval_hours` integer DEFAULT 24 NOT NULL,
+	`lotw_last_sync_at` integer,
+	`lotw_next_sync_at` integer,
+	`dcl_enabled` integer DEFAULT false NOT NULL,
+	`dcl_interval_hours` integer DEFAULT 24 NOT NULL,
+	`dcl_last_sync_at` integer,
+	`dcl_next_sync_at` integer,
+	`created_at` integer NOT NULL,
+	`updated_at` integer NOT NULL,
+	FOREIGN KEY (`user_id`) REFERENCES `users`(`id`) ON UPDATE no action ON DELETE no action
+);
+--> statement-breakpoint
+ALTER TABLE `users` ADD `is_super_admin` integer DEFAULT false NOT NULL;--> statement-breakpoint
+ALTER TABLE `users` ADD `last_seen` integer;