fix(saas): 统一权限体系 — check_permission 辅助函数 + admin:full 超级权限

- 新增 check_permission() 统一权限检查，admin:full 自动通过所有检查
- 统一种子角色权限名称与 handler 检查一致 (provider:manage, model:manage, config:write)
- super_admin 拥有 admin:full + 所有模块管理权限
- 全部 handler 迁移到 check_permission()，消除手动 contains 检查

crates/zclaw-saas/src/db.rs

@@ -200,8 +200,8 @@ CREATE INDEX IF NOT EXISTS idx_sync_account ON config_sync_log(account_id);
 const SEED_ROLES: &str = r#"
 INSERT OR IGNORE INTO roles (id, name, description, permissions, is_system, created_at, updated_at)
 VALUES
-    ('super_admin', '超级管理员', '拥有所有权限', '["admin:full"]', 1, datetime('now'), datetime('now')),
-    ('admin', '管理员', '管理账号和配置', '["account:read","account:write","model:read","model:write","relay:use","relay:admin","config:read","config:write"]', 1, datetime('now'), datetime('now')),
+    ('super_admin', '超级管理员', '拥有所有权限', '["admin:full","account:admin","provider:manage","model:manage","relay:admin","config:write"]', 1, datetime('now'), datetime('now')),
+    ('admin', '管理员', '管理账号和配置', '["account:read","account:admin","provider:manage","model:read","model:manage","relay:use","relay:admin","config:read","config:write"]', 1, datetime('now'), datetime('now')),
     ('user', '普通用户', '基础使用权限', '["model:read","relay:use","config:read"]', 1, datetime('now'), datetime('now'));
 "#;