Implement complete identity model with default group, standard policies, and enhanced interfaces

[Copilot]

Implements the identity model per the WebExpress Development Guide: the authorization chain Identity → Group → Policy → Permission, a default "All" group, and the three standard policies.

Interface changes

• IIdentityGroup: Added Id and Name properties (previously only had Policies)
• IIdentityPolicyContext: Added Policy type property (symmetric with IIdentityPermissionContext.Permission)
• IIdentityManager: Added AllGroup property

Default "All" group

Every identity implicitly belongs to IdentityGroupAll. CheckAccess(identity, permission) now unions the identity's explicit groups with AllGroup before evaluating the chain:

public bool CheckAccess(IApplicationContext applicationContext, IIdentity identity, Type permission)
{
    var groups = (identity?.Groups ?? []).Append(AllGroup);
    return groups.Any(group => CheckAccess(applicationContext, group, permission));
}

The "All" group ships with the PublicAccess policy pre-assigned.

Standard policies

Three sealed IIdentityPolicy implementations in WebIdentity/:

• PublicAccess — access to public resources without authentication
• AuthenticatedAccess — general access for authenticated users
• SystemAccess — system-level operations (install, update, maintain)

All three carry [Name] and [Description] attributes pointing to i18n keys, with English and German translations added.

Tests

Four new tests covering AllGroup existence/properties, PublicAccess policy membership, and IIdentityGroup interface contract. Full suite passes (869/869).