feat(auth): add role/permission management (backend + frontend)

- RoleService: CRUD, assign_permissions, get_role_permissions
- PermissionService: list all tenant permissions
- Role handlers: 8 endpoints with RBAC permission checks
- Frontend Roles page: table, create/edit modal, permission assignment
- Frontend Roles API: full CRUD + permission operations
- Routes registered in AuthModule protected_routes

apps/web/src/App.tsx

@@ -5,6 +5,7 @@ import zhCN from 'antd/locale/zh_CN';
 import MainLayout from './layouts/MainLayout';
 import Login from './pages/Login';
 import Home from './pages/Home';
+import Roles from './pages/Roles';
 import { useAuthStore } from './stores/auth';
 import { useAppStore } from './stores/app';
 
@@ -40,7 +41,7 @@ export default function App() {
                   <Routes>
                     <Route path="/" element={<Home />} />
                     <Route path="/users" element={<div>用户管理（开发中）</div>} />
-                    <Route path="/roles" element={<div>权限管理（开发中）</div>} />
+                    <Route path="/roles" element={<Roles />} />
                     <Route path="/settings" element={<div>系统设置（开发中）</div>} />
                   </Routes>
                 </MainLayout>