Add statistics route, permissions, and sidebar entry

- /statistics route and PagePaths.statistics
- Permission sets: viewer and admin can access /statistics
- Sidebar link with can_access_page check
- Plug and sidebar tests updated

Co-authored-by: Cursor <cursoragent@cursor.com>

test/mv_web/plugs/check_page_permission_test.exs

@@ -107,6 +107,37 @@ defmodule MvWeb.Plugs.CheckPagePermissionTest do
     end
   end
 
+  describe "statistics route /statistics" do
+    test "read_only can access /statistics" do
+      user = Fixtures.user_with_role_fixture("read_only")
+      conn = conn_with_user("/statistics", user) |> CheckPagePermission.call([])
+
+      refute conn.halted
+    end
+
+    test "normal_user can access /statistics" do
+      user = Fixtures.user_with_role_fixture("normal_user")
+      conn = conn_with_user("/statistics", user) |> CheckPagePermission.call([])
+
+      refute conn.halted
+    end
+
+    test "admin can access /statistics" do
+      user = Fixtures.user_with_role_fixture("admin")
+      conn = conn_with_user("/statistics", user) |> CheckPagePermission.call([])
+
+      refute conn.halted
+    end
+
+    test "own_data cannot access /statistics" do
+      user = Fixtures.user_with_role_fixture("own_data")
+      conn = conn_with_user("/statistics", user) |> CheckPagePermission.call([])
+
+      assert conn.halted
+      assert redirected_to(conn) == "/users/#{user.id}"
+    end
+  end
+
   describe "read_only and normal_user denied on admin routes" do
     test "read_only cannot access /admin/roles" do
       user = Fixtures.user_with_role_fixture("read_only")