feat: implement role management LiveViews

Add complete CRUD interface for role management under /admin/roles.

- Index page with table showing name, description, permission_set_name, is_system_role
- Show page for role details
- Form component for create/edit with permission_set_name dropdown
- System role badge and disabled delete button
- Flash messages for success/error
- Authorization checks using MvWeb.Authorization helpers
- Comprehensive test coverage (22 tests)

Routes added under /admin scope. All LiveViews load user role
for authorization checks. Form uses custom dropdown for permission sets.

lib/mv_web/live/role_live/show.ex

@@ -0,0 +1,94 @@
+defmodule MvWeb.RoleLive.Show do
+  @moduledoc """
+  LiveView for displaying a single role's details.
+
+  ## Features
+  - Display role information (name, description, permission_set_name, is_system_role)
+  - Navigate to edit form
+  - Return to role list
+
+  ## Security
+  Only admins can access this page (enforced by authorization).
+  """
+  use MvWeb, :live_view
+
+  @impl true
+  def mount(%{"id" => id}, _session, socket) do
+    # Ensure current_user has role loaded for authorization checks
+    socket =
+      if socket.assigns[:current_user] do
+        user = socket.assigns.current_user
+
+        user_with_role =
+          case Map.get(user, :role) do
+            %Ash.NotLoaded{} -> Ash.load!(user, :role, domain: Mv.Accounts)
+            nil -> Ash.load!(user, :role, domain: Mv.Accounts)
+            role when not is_nil(role) -> user
+          end
+
+        assign(socket, :current_user, user_with_role)
+      else
+        socket
+      end
+
+    role = Ash.get!(Mv.Authorization.Role, id, domain: Mv.Authorization)
+
+    {:ok,
+     socket
+     |> assign(:page_title, gettext("Show Role"))
+     |> assign(:role, role)}
+  end
+
+  @impl true
+  def render(assigns) do
+    ~H"""
+    <Layouts.app flash={@flash} current_user={@current_user}>
+      <.header>
+        {gettext("Role")} {@role.name}
+        <:subtitle>{gettext("Role details and permissions.")}</:subtitle>
+
+        <:actions>
+          <.button navigate={~p"/admin/roles"} aria-label={gettext("Back to roles list")}>
+            <.icon name="hero-arrow-left" />
+            <span class="sr-only">{gettext("Back to roles list")}</span>
+          </.button>
+          <%= if can?(@current_user, :update, Mv.Authorization.Role) do %>
+            <.button variant="primary" navigate={~p"/admin/roles/#{@role}/edit"}>
+              <.icon name="hero-pencil-square" /> {gettext("Edit Role")}
+            </.button>
+          <% end %>
+        </:actions>
+      </.header>
+
+      <.list>
+        <:item title={gettext("Name")}>{@role.name}</:item>
+        <:item title={gettext("Description")}>
+          <%= if @role.description do %>
+            {@role.description}
+          <% else %>
+            <span class="text-base-content/50 italic">{gettext("No description")}</span>
+          <% end %>
+        </:item>
+        <:item title={gettext("Permission Set")}>
+          <span class={permission_set_badge_class(@role.permission_set_name)}>
+            {@role.permission_set_name}
+          </span>
+        </:item>
+        <:item title={gettext("System Role")}>
+          <%= if @role.is_system_role do %>
+            <span class="badge badge-warning">{gettext("Yes")}</span>
+          <% else %>
+            <span class="badge badge-ghost">{gettext("No")}</span>
+          <% end %>
+        </:item>
+      </.list>
+    </Layouts.app>
+    """
+  end
+
+  defp permission_set_badge_class("own_data"), do: "badge badge-neutral badge-sm"
+  defp permission_set_badge_class("read_only"), do: "badge badge-info badge-sm"
+  defp permission_set_badge_class("normal_user"), do: "badge badge-success badge-sm"
+  defp permission_set_badge_class("admin"), do: "badge badge-error badge-sm"
+  defp permission_set_badge_class(_), do: "badge badge-ghost badge-sm"
+end