feat(admin): add protected admin area shell and dashboard entry

[ibourgeois]

Goal

Add the first protected admin area that only admins can access.

Scope

• Admin-only route group
• Admin application entry in the left toolbar
• Starter admin dashboard page inside the shared shell

Out of Scope

• User management screens
• Notification management screens
• Impersonation flows

Acceptance Criteria

• Admins can access the admin dashboard
• Non-admins are denied access consistently
• The admin area uses the same shared shell and component system

Dependencies

• Depends on feat(shell): create application shell and navigation architecture #4, feat(ui): create the first branded Blade component set #6, feat(auth-ui): build custom auth pages in the shared design system #9, and feat(authz): install Bouncer and establish baseline RBAC #10

Test Plan

• Add feature tests for admin route protection
• Manually verify toolbar entry visibility by role