feat: multi-user auth with role-based access

- Server checks PIN against env (super admin) + NocoDB Users table
- Session stores name + role (admin/viewer)
- Admin: sees Settings page (seasons + users management)
- Viewer: sees Dashboard + Comparison only, no Settings
- Users CRUD on Settings page: add name + PIN + role, delete
- Settings link + nav hidden for non-admin users

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

src/locales/en.json

@@ -166,7 +166,13 @@
     "endDate": "End Date",
     "actions": "Actions",
     "namePlaceholder": "e.g. Ramadan",
-    "add": "Add"
+    "add": "Add",
+    "delete": "Delete",
+    "users": "Users",
+    "usersHint": "Add users with a PIN code. Viewers can see the dashboard but not settings.",
+    "userName": "Name",
+    "userPin": "PIN",
+    "userRole": "Role"
   },
   "login": {
     "subtitle": "Enter your PIN to access the dashboard",