feat: RBAC E2E тесты и фикс admin-прав для редактирования постов

Основные изменения:
- Добавлены E2E тесты для проверки ownership (TC-E2E-102/103):
  * test_admin_can_edit_any_post — admin может редактировать любой пост
  * test_user_cannot_edit_other_users_post — user не может редактировать чужой пост
- Исправлены use cases (UpdatePost, DeletePost, PublishPost) — добавлена проверка роли admin
- Обновлены web routes и API routes для передачи роли в use cases
- Добавлены unit тесты для admin-сценариев

Реструктуризация тестов:
- Удалены старые API тесты (tests/api/) — требуют переработки
- Удалены старые integration тесты (tests/integration/)
- Переработаны E2E тесты: удалены старые, добавлены новые с POM
- Добавлена документация тестов: FEATURE_*.md, TEST_MODEL.md, AGENTS.md

Инфраструктура:
- Добавлен MockKeycloakClient для dev-режима
- Добавлены статические файлы: EasyMDE, Highlight.js, стили markdown
- Обновлены шаблоны: base.html, post_form.html, post_detail.html
- Обновлена DI конфигурация и провайдеры

Документация:
- tests/FEATURE_RBAC.md — матрица тестов RBAC
- tests/FEATURE_POST_LIFECYCLE.md — тесты жизненного цикла поста
- tests/FEATURE_DOMAIN_FOUNDATION.md — тесты доменного слоя
- tests/FEATURE_INFRASTRUCTURE.md — тесты инфраструктуры
- tests/TEST_MODEL.md — глобальная матрица покрытия
- app/presentation/web/AGENTS.md — гайд по Web UI
- tests/AGENTS.md — гайд по тестированию

app/application/use_cases/publish_post.py

@@ -11,6 +11,7 @@ from app.application.interfaces import TransactionManager
 from app.domain.entities import Post
 from app.domain.exceptions import ForbiddenException, NotFoundException
 from app.domain.repositories import PostRepository
+from app.domain.roles import Role
 
 
 class PublishPostUseCase:
@@ -42,25 +43,31 @@ class PublishPostUseCase:
         self._post_repo = post_repo
         self._tx_manager = tx_manager
 
-    async def publish(self, post_id: UUID, current_user_id: str) -> PostResponseDTO:
+    async def publish(
+        self,
+        post_id: UUID,
+        current_user_id: str,
+        current_role: Role = Role.USER,
+    ) -> PostResponseDTO:
         """Publish a post.
 
         Args:
             post_id: Unique identifier of the post.
             current_user_id: ID of the user requesting publication.
+            current_role: Role of the requesting user (default USER).
 
         Returns:
             PostResponseDTO with updated post data.
 
         Raises:
             NotFoundException: If post with given ID does not exist.
-            ForbiddenException: If user is not the post author.
+            ForbiddenException: If user is not the post author and not admin.
         """
         post = await self._post_repo.get_by_id(post_id)
         if not post:
             raise NotFoundException(f"Post with id '{post_id}' not found")
 
-        if post.author_id != current_user_id:
+        if current_role != Role.ADMIN and post.author_id != current_user_id:
             raise ForbiddenException("You can only publish your own posts")
 
         post.publish()
@@ -69,25 +76,31 @@ class PublishPostUseCase:
 
         return self._map_to_dto(post)
 
-    async def unpublish(self, post_id: UUID, current_user_id: str) -> PostResponseDTO:
+    async def unpublish(
+        self,
+        post_id: UUID,
+        current_user_id: str,
+        current_role: Role = Role.USER,
+    ) -> PostResponseDTO:
         """Unpublish a post.
 
         Args:
             post_id: Unique identifier of the post.
             current_user_id: ID of the user requesting unpublish.
+            current_role: Role of the requesting user (default USER).
 
         Returns:
             PostResponseDTO with updated post data.
 
         Raises:
             NotFoundException: If post with given ID does not exist.
-            ForbiddenException: If user is not the post author.
+            ForbiddenException: If user is not the post author and not admin.
         """
         post = await self._post_repo.get_by_id(post_id)
         if not post:
             raise NotFoundException(f"Post with id '{post_id}' not found")
 
-        if post.author_id != current_user_id:
+        if current_role != Role.ADMIN and post.author_id != current_user_id:
             raise ForbiddenException("You can only unpublish your own posts")
 
         post.unpublish()