feat: implement admin-users management with super admin restriction

- Add /admin/admin-users routes for managing admin users (super admin only)
- Remove vendor role from user creation form (vendors created via company hierarchy)
- Add admin-users.html and admin-user-detail.html templates
- Add admin-users.js and admin-user-detail.js for frontend logic
- Move database operations to admin_platform_service (list, get, create, delete, toggle status)
- Update sidebar to show Admin Users section only for super admins
- Add isSuperAdmin computed property to init-alpine.js
- Fix /api/v1 prefix issues in JS files (apiClient already adds prefix)
- Update architecture rule JS-012 to catch more variable patterns (url, endpoint, path)
- Replace inline SVGs with $icon() helper in select-platform.html

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

.architecture-rules/frontend.yaml

@@ -358,11 +358,12 @@ javascript_rules:
       CORRECT:
         apiClient.get('/admin/vendors')
         apiClient.post('/admin/products')
-        const apiEndpoint = '/admin/vendors'
+        const url = '/admin/vendors'
 
       WRONG (causes double prefix /api/v1/api/v1/...):
         apiClient.get('/api/v1/admin/vendors')
-        const apiEndpoint = '/api/v1/admin/vendors'
+        const url = '/api/v1/admin/vendors'
+        const endpoint = '/api/v1/admin/products'
 
       Exception: Direct fetch() calls without apiClient should use full path.
 
@@ -371,9 +372,11 @@ javascript_rules:
       file_pattern: "static/**/js/**/*.js"
       anti_patterns:
         - "apiClient\\.(get|post|put|delete|patch)\\s*\\(\\s*['\"`]/api/v1"
-        - "apiEndpoint.*=.*['\"`]/api/v1"
+        - "(const|let|var)\\s+(url|endpoint|apiEndpoint|apiUrl|path)\\s*=\\s*['\"`]/api/v1"
+        - "\\$\\{.*\\}/api/v1"
       exceptions:
         - "init-api-client.js"
+        - "api-client.js"
 
 # ============================================================================
 # TEMPLATE RULES (Jinja2)