feat: implement RBAC role manager (#178)

[activatedkc]

Summary

Implements comprehensive Role-Based Access Control (RBAC) system to close #178.

Changes

Smart Contract:

• RoleManager contract with initialize, grant_role, revoke_role, has_permission, delegate_permission, revoke_delegation
• Multisig governance (propose/approve/execute) for sensitive actions
• Emergency pause capability
• Role change history tracking
• 22 passing tests covering all acceptance criteria

Shared Types:

• Role enum (Admin, Merchant, Subscriber, Auditor)
• Permission enum (26 granular permissions)
• RoleChangeEntry struct
• StorageKey::AccessControl variant

Storage:

• set_access_control / get_access_control contract address storage

Subscription Integration:

• require_permission() helper replacing direct admin.require_auth()
• Permission checks on: create_plan, deactivate_plan, subscribe, cancel_subscription, pause_subscription, resume_subscription

Frontend:

• Users & Roles tab (grant/revoke roles)
• Permissions tab (delegate permissions)
• Audit Log tab (role change history)
• Delegations tab (active delegations)

Testing

• 22 tests in access_control contract: initialization, roles, permissions, delegation, multisig, emergency, history, cleanup
• All tests pass

[drips-wave]

@activatedkc Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

[Smartdevs17]

merge conflicts

[activatedkc]

Fixed @Smartdevs17