feat(users): implement full user management CRUD

API endpoints (app/api/v1/admin/users.py):
- GET /users: Paginated list with search and filters
- POST /users: Create new user
- GET /users/{id}: Get user details with related counts
- PUT /users/{id}: Update user information
- PUT /users/{id}/status: Toggle active status
- DELETE /users/{id}: Delete user (with ownership check)

Pydantic schemas (models/schema/auth.py):
- UserCreate: For creating new users
- UserUpdate: For updating user information
- UserDetailResponse: Extended user details with counts
- UserListResponse: Paginated list response

Frontend:
- Updated users.html with server-side pagination and filters
- New user-create.html/js for user creation form
- New user-detail.html/js for viewing user details
- New user-edit.html/js for editing users

Routes added for user create, detail, and edit pages.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

models/schema/auth.py

@@ -59,3 +59,65 @@ class LoginResponse(BaseModel):
     token_type: str = "bearer"
     expires_in: int
     user: UserResponse
+
+
+class UserDetailResponse(UserResponse):
+    """Extended user response with additional details."""
+
+    first_name: str | None = None
+    last_name: str | None = None
+    full_name: str | None = None
+    is_email_verified: bool = False
+    owned_companies_count: int = 0
+    vendor_memberships_count: int = 0
+
+
+class UserUpdate(BaseModel):
+    """Schema for updating user information."""
+
+    username: str | None = Field(None, min_length=3, max_length=50)
+    email: EmailStr | None = None
+    first_name: str | None = Field(None, max_length=100)
+    last_name: str | None = Field(None, max_length=100)
+    role: str | None = Field(None, pattern="^(admin|vendor)$")
+    is_active: bool | None = None
+    is_email_verified: bool | None = None
+
+    @field_validator("username")
+    @classmethod
+    def validate_username(cls, v):
+        if v and not re.match(r"^[a-zA-Z0-9_]+$", v):
+            raise ValueError(
+                "Username must contain only letters, numbers, or underscores"
+            )
+        return v.lower().strip() if v else v
+
+
+class UserCreate(BaseModel):
+    """Schema for creating a new user (admin only)."""
+
+    email: EmailStr = Field(..., description="Valid email address")
+    username: str = Field(..., min_length=3, max_length=50)
+    password: str = Field(..., min_length=6, description="Password")
+    first_name: str | None = Field(None, max_length=100)
+    last_name: str | None = Field(None, max_length=100)
+    role: str = Field(default="vendor", pattern="^(admin|vendor)$")
+
+    @field_validator("username")
+    @classmethod
+    def validate_username(cls, v):
+        if not re.match(r"^[a-zA-Z0-9_]+$", v):
+            raise ValueError(
+                "Username must contain only letters, numbers, or underscores"
+            )
+        return v.lower().strip()
+
+
+class UserListResponse(BaseModel):
+    """Schema for paginated user list."""
+
+    items: list[UserResponse]
+    total: int
+    page: int
+    per_page: int
+    pages: int