feat: two-role system — super_admin & admin program (Fasa 12)

- Replace is_admin boolean with role enum('super_admin','admin') via migration
- ProgramPolicy: admin program can only view/edit/delete own programs
- EnsureIsAdmin: accepts both roles; EnsureSuperAdmin: super_admin only
- UserController + views: super_admin can manage admin accounts
- Sidebar: user management link & role badge gated on isSuperAdmin()
- Fix Controller base class: add AuthorizesRequests trait
- Fix tests: replace nonAdmin() (invalid enum) with adminProgram() against super_admin-only route

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

app/Http/Middleware/EnsureIsAdmin.php

@@ -10,7 +10,9 @@ class EnsureIsAdmin
 {
     public function handle(Request $request, Closure $next): Response
     {
-        if (! $request->user()?->is_admin) {
+        $role = $request->user()?->role;
+
+        if (! in_array($role, ['super_admin', 'admin'])) {
             abort(403, 'Akses ditolak.');
         }