
feat(rbac): harden authorization model and align RBAC UX with RAM-s…#191

Merged
yhjun1026 merged 1 commit into derisk-ai:main from niiish32x:feat/nsh_rbac
Apr 15, 2026

@niiish32x
Contributor

…tyle workflows

Adopt a hybrid RBAC flow (direct user-role + group-role inheritance) and close critical permission gaps by enforcing server-side checks on
role/group/app mutations, cache invalidation, and group-role cleanup on deletion. Refactor RBAC management UI to RAM-like drawer-based interactions,
unify overlapping user/OAuth management paths, make system roles read-only with explicit view mode, and synchronize seeded system-role permissions so
viewer remains strictly read-only while retaining full agent resource visibility.

Description

Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change.

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration

Snapshots:

Include snapshots for easier review.

Checklist:

  • My code follows the style guidelines of this project
  • I have already rebased the commits and made the commit message conform to the project standard.
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • Any dependent changes have been merged and published in downstream modules

Collaborator

@yhjun1026 yhjun1026 left a comment

r+

@yhjun1026 yhjun1026 merged commit d0e8d67 into derisk-ai:main Apr 15, 2026
2 of 3 checks passed