fix(auth): implement cluster-specific role filtering in frontend UI

[mbaurin]

Hi @tchiotludo,

This PR fixes a critical UX issue in the frontend where cluster-specific permissions were not properly enforced in the UI, leading to confusing user experiences where admin buttons appeared on read-only clusters.

Problem

Users with different permission levels across clusters (e.g., admin on qa-kafka but read-only on pre-kafka) were seeing admin UI elements on ALL clusters. When they clicked admin buttons on read-only clusters, they received confusing "permission denied" errors. The backend correctly enforced permissions, but the frontend ignored cluster restrictions.

Root Cause

The organizeRoles() function in client/src/utils/converters.js:114-133 was aggregating ALL permissions across ALL clusters without considering the clusters configuration from each role, causing the frontend to show maximum permissions everywhere.

Solution

• Enhanced role processing: Modified organizeRoles() to preserve cluster information from
  backend AuthUser.AuthPermissions objects
• Added cluster-aware checking: New hasPermissionForCluster() function performs regex-based
  cluster pattern matching
• Updated all UI components: Replaced hardcoded role checks in routes, navigation, and
  components with cluster-specific permission validation
• Comprehensive test coverage: Added tests covering cluster patterns, backward compatibility,
  and edge cases
• Zero breaking changes: Maintains full backward compatibility with existing configurations

Key Changes

• converters.js: Enhanced organizeRoles() + added hasPermissionForCluster() utility
• AkhqRoutes.jsx: Updated 25+ route conditions to use cluster-aware permission checking
• Sidebar.jsx: Made all navigation menu items cluster-specific
• KsqlDBList.jsx: Fixed admin button visibility logic
• Comprehensive test suite with 6 new test cases

Testing

• All new tests pass (cluster patterns, backward compatibility)
• Frontend builds successfully without errors
• Existing functionality preserved for all current users
• No regression in authentication or authorization flows

User Experience After Fix

• Admin buttons only appear on clusters where user has admin rights
• Read-only clusters show only read-only UI elements
• No more confusing "permission denied" errors
• Consistent experience matching backend security enforcement

Closes #2366

[karolke99]

Hello,
I am looking for a solution to this issue and checked your PR. It seems that after implementing your changes I get

Uncaught TypeError: Cannot read properties of undefined (reading 'pathname')
    at qg.render (AkhqRoutes.jsx:143:35)

when trying to access the AKHQ instance.

It looks like the problem with this piece of code https://github.com/mbaurin/akhq/blob/d63f543426ca8ff91a5d986530caf7804fde2a9c/client/src/utils/AkhqRoutes.jsx#L143

Am I missing something?
Regards