feat: add user management system with roles and permissions

- Introduce SQLite persistence via GORM (stored at <data>/.ushare.db)
- Add Role model with two built-in roles: admin (all perms) and user (upload only)
- Add three permissions: user_manage, upload, token_manage (reserved)
- Rewrite UserManager: DB-backed login with in-memory session tokens
- Auto-seed default roles and admin user on first startup
- Add AuthPermission middleware for fine-grained permission checks
- Add /api/uauth/me endpoint for current session info
- Add /api/admin/* CRUD routes for user and role management
- Add admin console page (/admin) with user table and role permissions view
- Show admin console link in share page for users with user_manage permission

🤖 Generated with [Qoder][https://qoder.com]

.gitea/workflows/build.yaml

@@ -6,28 +6,17 @@ on:
 
 jobs:
   build ushare:
-    runs-on: tencent-sg
+    runs-on: debian
     steps:
       - name: prepare enviroment
         uses: actions/checkout@v4
 
-      - name: prints date
-        run: date '+%Y-%m-%dT%H:%M:%S'
-
-      - name: print operator
-        run: whoami
-
-      - name: print tag name
-        run: echo "Tag name = ${{ gitea.ref_name }}"
-
-      - name: build prepare config
+      - name: prints info
         run: |
-          cat << EOF > .docker.config.json
-          ${{ secrets.DOCKER_CONFIG }}
-          EOF
-
-      - name: print work dir and files
-        run: pwd & ls -alsh .
+          date '+%Y-%m-%dT%H:%M:%S'
+          whoami
+          echo "Tag name = ${{ gitea.ref_name }}"
+          pwd & ls -alsh .
 
       - name: build image by docker build
         run: docker build -t gitea.loveuer.com/loveuer/build/ushare:${{ gitea.ref_name }} .
@@ -38,22 +27,10 @@ jobs:
       - name: push image to repository
         run: docker push gitea.loveuer.com/loveuer/build/ushare:${{ gitea.ref_name }}
 
-#      - name: build by kaniko in docker
-#        run: |
-#          docker run --rm -v $(pwd):/workspace \
-#            -v $(pwd)/.docker.config.json:/kaniko/.docker/config.json:ro \
-#            alpine:latest \
-#            ls -alsh /workspace
-#            gcr.io/kaniko-project/executor:latest \
-#            --dockerfile=/workspace/Dockerfile \
-#            --context=/workspace \
-#            --destination=gitea.loveuer.com/loveuer/build/u-api:${{ gitea.ref_name }} \
-#            --single-snapshot
-
   clean:
     if: always()
-    runs-on: tencent-sg
+    runs-on: debian
     steps:
       - name: clean docker config
         run: |
-          rm -rf .docker.config.json
+          rm -rf .docker.config.json