feat: document delete permissions + three-dots menu portal fix

- Add can_delete column to document_shares (migration 0005)
- Inject x-user-is-admin header from backend proxy to doc-service
- Add get_user_is_admin() dep in doc-service
- Delete endpoint now allows: owner, admin, or group member with can_delete=true
- Watch documents (user_id='watch') deletable by admins only
- DocumentOut gains viewer_can_delete (computed per-request)
- Share UI: 'Allow group members to delete' checkbox + trash badge on shares
- RowActionsMenu dropdown portaled to document.body — fixes overflow-hidden clipping
- Delete mutation onError handler — no more silent failures

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

features/doc-service/app/schemas/share.py

@@ -8,6 +8,7 @@ class DocumentShareOut(BaseModel):
     document_id: str
     group_id: str
     shared_by_user_id: str
+    can_delete: bool
     created_at: datetime
 
     model_config = {"from_attributes": True}
@@ -15,6 +16,7 @@ class DocumentShareOut(BaseModel):
 
 class DocumentShareCreate(BaseModel):
     group_id: str
+    can_delete: bool = False
 
 
 class SharedDocumentOut(BaseModel):
@@ -34,6 +36,7 @@ class SharedDocumentOut(BaseModel):
     categories: list = []
     source: str = "upload"
     share_count: int = 0
+    viewer_can_delete: bool = False
     # Sharing context
     shared_by_user_id: str
     shared_via_group_id: str