feat: two-role system — super_admin & admin program (Fasa 12)

- Replace is_admin boolean with role enum('super_admin','admin') via migration
- ProgramPolicy: admin program can only view/edit/delete own programs
- EnsureIsAdmin: accepts both roles; EnsureSuperAdmin: super_admin only
- UserController + views: super_admin can manage admin accounts
- Sidebar: user management link & role badge gated on isSuperAdmin()
- Fix Controller base class: add AuthorizesRequests trait
- Fix tests: replace nonAdmin() (invalid enum) with adminProgram() against super_admin-only route

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

database/migrations/2026_05_17_000001_replace_is_admin_with_role_on_users_table.php

@@ -0,0 +1,36 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    public function up(): void
+    {
+        Schema::table('users', function (Blueprint $table) {
+            $table->enum('role', ['super_admin', 'admin'])->default('admin')->after('password');
+        });
+
+        // Migrate existing is_admin=true rows to super_admin
+        DB::table('users')->where('is_admin', true)->update(['role' => 'super_admin']);
+
+        Schema::table('users', function (Blueprint $table) {
+            $table->dropColumn('is_admin');
+        });
+    }
+
+    public function down(): void
+    {
+        Schema::table('users', function (Blueprint $table) {
+            $table->boolean('is_admin')->default(false)->after('password');
+        });
+
+        DB::table('users')->where('role', 'super_admin')->update(['is_admin' => true]);
+
+        Schema::table('users', function (Blueprint $table) {
+            $table->dropColumn('role');
+        });
+    }
+};