Fix SEC-09: hide admin nav links from non-admin users

- Add IsAdmin bool to PageData (embedded in all page view structs)
- Remove redundant IsAdmin from DashboardData
- Add isAdmin() helper to derive admin status from request claims
- Set IsAdmin in all page-level handlers that populate PageData
- Wrap admin-only nav links in base.html with {{if .IsAdmin}}
- Add tests: non-admin dashboard/profile hide admin links,
  admin dashboard shows them

Security: navigation links to /accounts, /audit, /policies,
and /pgcreds are now only rendered for admin users. Server-side
authorization (requireAdminRole middleware) was already in place;
this change removes the information leak of showing links that
return 403 to non-admin users.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

internal/ui/handlers_accounts.go

@@ -39,7 +39,7 @@ func (u *UIServer) handleAccountsList(w http.ResponseWriter, r *http.Request) {
 	}
 
 	u.render(w, "accounts", AccountsData{
-		PageData: PageData{CSRFToken: csrfToken, ActorName: u.actorName(r)},
+		PageData: PageData{CSRFToken: csrfToken, ActorName: u.actorName(r), IsAdmin: isAdmin(r)},
 		Accounts: accounts,
 	})
 }
@@ -183,7 +183,7 @@ func (u *UIServer) handleAccountDetail(w http.ResponseWriter, r *http.Request) {
 	}
 
 	u.render(w, "account_detail", AccountDetailData{
-		PageData:          PageData{CSRFToken: csrfToken, ActorName: u.actorName(r)},
+		PageData:          PageData{CSRFToken: csrfToken, ActorName: u.actorName(r), IsAdmin: isAdmin(r)},
 		Account:           acct,
 		Roles:             roles,
 		AllRoles:          knownRoles,
@@ -790,7 +790,7 @@ func (u *UIServer) handlePGCredsList(w http.ResponseWriter, r *http.Request) {
 	}
 
 	u.render(w, "pgcreds", PGCredsData{
-		PageData:               PageData{CSRFToken: csrfToken, ActorName: u.actorName(r)},
+		PageData:               PageData{CSRFToken: csrfToken, ActorName: u.actorName(r), IsAdmin: isAdmin(r)},
 		Creds:                  creds,
 		UncredentialedAccounts: uncredentialed,
 		CredGrants:             credGrants,