feat: category scopes, group-admin role, and permission model

- Three category scopes: personal / group / system (watch)
- PascalCase-with-dashes naming convention enforced at backend + frontend
- is_group_admin flag on GroupMembership; PATCH endpoint for admins to toggle it
- Categories router: scope-based list/create/rename/delete with _check_can_manage_cat
- Documents router: delete uses is_admin + can_delete share flag + group-admin check; remove_category requires doc ownership; assign_category accepts group/system categories
- Proxy layers inject x-user-is-admin and x-user-admin-groups headers
- Frontend: ManageCategoriesDialog grouped by scope with lock icons; SourcePanel scope picker + client-side name validation; AdminGroupsPage group-admin checkbox

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/app/routers/users.py

@@ -39,14 +39,17 @@ async def get_my_groups(
     current_user: User = Depends(get_current_user),
     db: AsyncSession = Depends(get_db),
 ):
-    """Return all groups the current user belongs to."""
+    """Return all groups the current user belongs to, including their admin status."""
     result = await db.execute(
-        select(Group)
+        select(Group, GroupMembership.is_group_admin)
         .join(GroupMembership, GroupMembership.group_id == Group.id)
         .where(GroupMembership.user_id == current_user.id)
         .order_by(Group.name)
     )
-    return result.scalars().all()
+    return [
+        UserGroupOut(id=g.id, name=g.name, description=g.description, is_group_admin=is_admin)
+        for g, is_admin in result.all()
+    ]
 
 
 @router.patch("/me/color-mode", response_model=UserOut)