feat: Phase 1c — Platform Admin Dashboard

Full super-admin dashboard for SaaS platform management:

Backend (10 files):
- Migration 003: Add is_super_admin column to users table
- JWT Claims: Carry is_super_admin through access tokens
- SuperAdmin extractor: Axum FromRequestParts that rejects non-admins (403)
- Admin API module: 10 endpoints behind /api/admin/*
  - GET /stats (KPIs: licenses, users, MRR, servers, signups)
  - GET/POST /licenses (paginated, filterable, manual generation)
  - GET/PATCH /licenses/:id (detail view, revoke/activate)
  - GET /subscriptions (module sub list with MRR breakdown)
  - GET/PATCH /users (paginated, toggle admin, disable accounts)
  - GET /servers (fleet overview across all licenses)
  - GET /health (DB pool, NATS status, table row counts)
- Bootstrap updated: first user gets is_super_admin = true

Frontend (8 files):
- 5 admin views in src/views/platform-admin/
- DashboardLayout: "Platform" nav section (gated on isSuperAdmin)
- Router: /admin/* routes with superAdmin meta guard
- Auth store: isSuperAdmin computed property
- Types: is_super_admin on User interface

Build: 80 chunks, zero TS errors, clean production build.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

backend/src/models/auth.rs

@@ -27,6 +27,7 @@ pub struct Claims {
     pub email: String,
     pub license_id: Option<Uuid>,
     pub role: Option<String>,
+    pub is_super_admin: bool,
     pub exp: i64,
     pub iat: i64,
     pub token_type: String, // "access" or "refresh"
@@ -56,6 +57,7 @@ pub struct UserPublic {
     pub username: String,
     pub totp_enabled: bool,
     pub email_verified: bool,
+    pub is_super_admin: bool,
 }
 
 /// Registration request