feat: two-role system — super_admin & admin program (Fasa 12)

- Replace is_admin boolean with role enum('super_admin','admin') via migration
- ProgramPolicy: admin program can only view/edit/delete own programs
- EnsureIsAdmin: accepts both roles; EnsureSuperAdmin: super_admin only
- UserController + views: super_admin can manage admin accounts
- Sidebar: user management link & role badge gated on isSuperAdmin()
- Fix Controller base class: add AuthorizesRequests trait
- Fix tests: replace nonAdmin() (invalid enum) with adminProgram() against super_admin-only route

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

app/Models/User.php

@@ -12,7 +12,7 @@ class User extends Authenticatable
     /** @use HasFactory<UserFactory> */
     use HasFactory, Notifiable;
 
-    protected $fillable = ['name', 'email', 'password', 'is_admin'];
+    protected $fillable = ['name', 'email', 'password', 'role'];
     protected $hidden   = ['password', 'remember_token'];
 
     protected function casts(): array
@@ -20,10 +20,24 @@ class User extends Authenticatable
         return [
             'email_verified_at' => 'datetime',
             'password'          => 'hashed',
-            'is_admin'          => 'boolean',
         ];
     }
 
+    public function isSuperAdmin(): bool
+    {
+        return $this->role === 'super_admin';
+    }
+
+    public function isAdminProgram(): bool
+    {
+        return $this->role === 'admin';
+    }
+
+    public function canAccessProgram(Program $program): bool
+    {
+        return $this->isSuperAdmin() || $program->created_by === $this->id;
+    }
+
     public function programs()
     {
         return $this->hasMany(Program::class, 'created_by');