- Add BetterAuth admin plugin with admin/member role configuration
- Add banned/banReason/banExpires fields to users schema
- Gateway AdminModule: user list/create/role/ban/delete endpoints at /api/admin/users
- Gateway AdminHealthController: system health at /api/admin/health (DB, Valkey, agent pool, providers)
- AdminGuard: enforces admin role on all /api/admin/* routes
- Web admin page: two-tab UI (User Management + System Health)
- AdminRoleGuard: client-side redirect for non-admin users
- Add adminClient to web auth-client for BetterAuth admin plugin integration
- Add @mosaic/queue as gateway dep for Valkey health check
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
