feat(admin): web admin panel — user CRUD, role assignment, system health (#125)

- Add BetterAuth admin plugin with admin/member role configuration
- Add banned/banReason/banExpires fields to users schema
- Gateway AdminModule: user list/create/role/ban/delete endpoints at /api/admin/users
- Gateway AdminHealthController: system health at /api/admin/health (DB, Valkey, agent pool, providers)
- AdminGuard: enforces admin role on all /api/admin/* routes
- Web admin page: two-tab UI (User Management + System Health)
- AdminRoleGuard: client-side redirect for non-admin users
- Add adminClient to web auth-client for BetterAuth admin plugin integration
- Add @mosaic/queue as gateway dep for Valkey health check

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

packages/db/src/schema.ts

@@ -25,6 +25,9 @@ export const users = pgTable('users', {
   emailVerified: boolean('email_verified').notNull().default(false),
   image: text('image'),
   role: text('role').notNull().default('member'),
+  banned: boolean('banned').default(false),
+  banReason: text('ban_reason'),
+  banExpires: timestamp('ban_expires', { withTimezone: true }),
   createdAt: timestamp('created_at', { withTimezone: true }).notNull().defaultNow(),
   updatedAt: timestamp('updated_at', { withTimezone: true }).notNull().defaultNow(),
 });