* Auto-grant full RBAC access to cue type creator on creation

When a user creates a new cue type, immediately grant them READ, WRITE,
and EXECUTE roles on that resource so they have per-instance access
without requiring a separate admin grant. Also sends a GET_CURRENT_RBAC
WebSocket message to the creator's active connections so both frontends
refresh their RBAC state without a reload.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Fix ruff formatting in test_cues.py

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

)

- app_server.py: override log_request() to include [username] in access
  log message and pass structured extra fields (username, user_id,
  remote_ip) so the server log buffer matches the existing client-log
  pattern
- base_controller.py: add _log_extra() helper; on_finish() appends
  [username] to request-body debug lines and passes structured extra
- logs_viewer.py: remove source == 'client' guard so username filter
  applies to both server and client log sources
- ws_controller.py: store current_username on instance after auth;
  include it in on_message/on_close logs and emit a new auth-success
  log line
- ConfigLogs.vue (both clients): remove v-if and source guards so the
  User filter field is always visible and always sent to the API
- test_logs_viewer.py: replace the 'ignored for server source' test
  with two new tests asserting correct server-source filter behaviour
- docs: add Log Viewer section to system config page

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

* Add V2 user API with proper REST semantics + edit user feature

Introduces a versioned V2 API layer for user management, moving all existing
controllers into an explicit `api/v1/` package and adding `api/v2/` with RESTful
resource-oriented endpoints (GET/POST/PATCH/DELETE on `/api/v2/users`). Adds a new
edit-user feature allowing admins to toggle user admin status, wired into both the
Vue 2 and Vue 3 frontends with an extensible modal design (adding a new editable
field requires only one line in EDITABLE_FIELDS and one form group in the template).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Restructure test package to mirror controllers/api/ hierarchy

Moves all V1 controller tests from test/controllers/api/ into
test/controllers/api/v1/ (with auth/ subpackage), mirroring the
structure introduced when V1 controllers moved to controllers/api/v1/.
The existing test/controllers/api/v2/ tests remain in place.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Remove unnecessary V2 auth controllers; revert frontends to V1 auth

The V1 auth endpoints (login, logout, refresh-token, get current user)
already used correct HTTP verbs and needed no refactoring. The V2 duplicates
added no value and only increased maintenance burden. V2 remains exclusively
for user management endpoints where V1 violated REST conventions.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Remove V2 password controllers; revert frontends to V1 password endpoints

Password change and reset endpoints already used correct HTTP verbs in V1
(PATCH and POST respectively) and contained no logic changes in V2 — only
a URL namespace move. Keeping only the V2 token controller where the POST
/revoke → DELETE fix was a genuine REST improvement.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>