This repository was archived by the owner on Nov 23, 2025. It is now read-only.

Dev#2

Merged
RandithaK merged 15 commits into main from dev
Sep 28, 2025

Conversation

@RandithaK
Member

No description provided.

This commit introduces a complete Role-Based Access Control (RBAC) system with a two-tiered admin structure and exposes all user management functionality through a secure REST API.

Key Features & Fixes:

- **SUPER_ADMIN Role:**
  - A `SUPER_ADMIN` role has been introduced to manage other `ADMIN` accounts, establishing a clear security hierarchy.
  - The endpoint for creating `ADMIN`s is now restricted to `SUPER_ADMIN`s only.

- **User Management API (`UserController`):**
  - A new `UserController` exposes endpoints for administrators to manage the entire user lifecycle:
    - List all users (`GET /api/v1/users`)
    - Get user details by username (`GET /api/v1/users/{username}`)
    - Enable/Disable user accounts (`POST /api/v1/users/{username}/enable|disable`)
    - Delete users (`DELETE /api/v1/users/{username}`)
  - All endpoints in `UserController` are secured, accessible only to `ADMIN` and `SUPER_ADMIN` roles.

- **Profile-Aware Data Seeding:**
  - The `DataSeeder` is now aware of the active Spring profile (`dev` vs. `prod`).
  - In the `dev` profile, it seeds a full set of test users (superadmin, admin, employees, customers).
  - In production, it safely seeds only the essential `SUPER_ADMIN` account.

- **Fix Unused Methods:**
  - This implementation connects all previously unused methods in `UserService` (e.g., `createAdmin`, `findAllUsers`, `enableUser`) to live API endpoints, resolving all related warnings.

This commit introduces a full suite of user management features, fulfilling the administrative and self-service roadmap. Administrators can now manage the entire user lifecycle, and users can manage their own profiles and credentials through the API.

New Administrative Features (Admin/Super-Admin only):
- **Update User Details:** `PUT /api/v1/users/{username}` allows admins to change a user's username, email, and enabled status.
- **Reset Password:** `POST /api/v1/users/{username}/reset-password` allows admins to set a new password for any user.
- **Role Management:** `POST /api/v1/users/{username}/roles` allows admins to dynamically assign or revoke roles for any user.

New Self-Service Features (Authenticated Users):
- **Get Own Profile:** `GET /api/v1/users/me` allows a logged-in user to retrieve their own profile details securely.
- **Change Own Password:** `POST /api/v1/users/me/change-password` allows a user to change their password by providing their current one, enhancing security.

All new endpoints are integrated into the existing RBAC security model, with administrative functions protected and self-service functions accessible to all authenticated users.
…lers

- Improve  error handling and responses
- Adjust security rules in  to allow correct path matching and bean wiring
- Clean up controller logic in  and  to follow conventions and reduce NPE risk

These changes address runtime warnings observed during local runs and make the auth-service controllers more robust. Verified compile was previously successful.

…n for authentication and user management endpoints
@RandithaK RandithaK merged commit 8f4bde0 into main Sep 28, 2025
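The commits above describe three authorization tiers for the `/api/v1/users` API: `SUPER_ADMIN` alone may create `ADMIN` accounts, `ADMIN` and `SUPER_ADMIN` manage other users, and any authenticated user may read `/me` and change their own password with their current one. The following is an added example of how those rules are typically expressed in a Spring Security 6 `SecurityFilterChain`; it is not code from this repository. The admin-creation path `/api/v1/users/admins`, the `UserRepository`/`User` types and the `passwordEncoder` bean are assumptions, since the PR does not show them.

```java
// Added example (not the project's own code). Assumes Spring Boot 3 / Spring Security 6,
// a User entity with getPasswordHash()/setPasswordHash(), a UserRepository, and a
// PasswordEncoder bean. The path /api/v1/users/admins for createAdmin is hypothetical.
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.stereotype.Service;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // Stateless token-based API: no session, so CSRF protection is not needed (assumption).
            .csrf(csrf -> csrf.disable())
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(auth -> auth
                // Tier 1: only SUPER_ADMIN may create ADMIN accounts.
                .requestMatchers(HttpMethod.POST, "/api/v1/users/admins").hasRole("SUPER_ADMIN")
                // Tier 3: self-service endpoints for any authenticated user. These MUST be
                // declared before the /api/v1/users/** rule; matchers are evaluated in
                // order, and "me" would otherwise be treated as a {username} and require ADMIN.
                .requestMatchers(HttpMethod.GET, "/api/v1/users/me").authenticated()
                .requestMatchers(HttpMethod.POST, "/api/v1/users/me/change-password").authenticated()
                // Tier 2: all remaining user-management endpoints (list, get, enable/disable,
                // delete, update, reset-password, roles) for ADMIN and SUPER_ADMIN.
                .requestMatchers("/api/v1/users/**").hasAnyRole("ADMIN", "SUPER_ADMIN")
                // Deny-by-default for anything not listed above.
                .anyRequest().authenticated())
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }
}

// Self-service password change: the caller proves knowledge of the current password
// before the new one is stored. Admin reset-password (not shown) skips this check but is
// gated by the ADMIN/SUPER_ADMIN rule above.
@Service
class SelfServicePasswordService {

    private final UserRepository users;          // assumed repository type
    private final PasswordEncoder passwordEncoder;

    SelfServicePasswordService(UserRepository users, PasswordEncoder passwordEncoder) {
        this.users = users;
        this.passwordEncoder = passwordEncoder;
    }

    /** Returns true when the password was changed; false when the current password did not match. */
    public boolean changeOwnPassword(String username, String currentPassword, String newPassword) {
        User user = users.findByUsername(username)
            .orElseThrow(() -> new IllegalStateException("authenticated user not found"));
        // matches() performs a constant-time comparison against the stored hash.
        if (!passwordEncoder.matches(currentPassword, user.getPasswordHash())) {
            return false;
        }
        user.setPasswordHash(passwordEncoder.encode(newPassword));
        users.save(user);
        return true;
    }
}
```

The matcher ordering is the practical point behind "adjust security rules ... to allow correct path matching" in the later commit: with `/api/v1/users/**` declared first, `GET /api/v1/users/me` would be rejected for ordinary users, and a `{username}` endpoint would be reachable for the literal username `me` by an admin.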