Add protected admin dashboard

[Spbd1]

Motivation

• Provide a simple, browser-accessible admin dashboard so a researcher can view submission counts, recent records, and download JSON/CSV without adding a full auth system.
• Keep the implementation minimal and safe by using a bearer ADMIN_EXPORT_TOKEN guard and avoiding storing the token in the page source.

Description

• Add a server-rendered /admin page with robots: { index: false } and a client component AdminDashboard that prompts for an “Admin export token” and uses sessionStorage by default with an optional localStorage "Remember for this browser" checkbox.
• Add GET /api/admin/stats protected by the existing bearer-token check (validateAdminRequest) and wire the dashboard to fetch /api/admin/stats and /api/admin/submissions?limit=20 after token entry.
• Implement getAdminStats() in lib/adminSubmissions.ts to aggregate total/completed submissions, high/low coverage counts, first/last submission timestamps, and averages computed from payload.computedMetrics, and expose adminStatsJson() for the endpoint.
• Add JSON/CSV browser download buttons that call /api/admin/submissions?limit=500 and /api/admin/submissions.csv with the bearer token, copyable curl examples, user-facing error messages for invalid token or DB unavailability, and a link back to /; update README.md to document the /admin dashboard and security guidance.

Testing

• Ran git diff --check which returned no problems.
• Attempted npm run typecheck and npm run lint and npm run build, but installation/build/typecheck were blocked in this environment because npm install failed with a registry 403 for @prisma/client, so TypeScript reported missing modules and next was not available.
• Because dependencies could not be installed, automated lint/build/typecheck checks could not complete and manual token validation in a running server was not performed.

---

Codex Task