Implement protected admin operations panel

[Zeinzeiya]

Issue

Closes #29

Summary

• Replaces the placeholder admin page with a protected operations dashboard for users, moderation, disputes, controls, metrics, and audit logs.
• Adds admin-only API routes with JWT role checks, workflow actions, notifications, and append-only audit entries.
• Adds a server-side admin proxy so access tokens stay out of rendered client HTML while the dashboard can refresh data and perform actions.
• Extends the Prisma schema with admin-friendly moderation, dispute, platform control, and audit models for future persistence.

Acceptance criteria

• Admin route is protected; non-admin/missing-token requests receive 403
• Admin role is verified server-side for admin APIs
• User table supports search, role/status/join-date filters, and pagination
• Admin can suspend, reinstate, or ban users
• Admin can view a user's active jobs and dispute history
• Moderation queue supports approve, reject, and escalate actions
• Rejected listings create a notification with a reason
• Disputes show thread, evidence, and transaction details
• Admin can rule for client, freelancer, refund, or escalation
• Revenue, active jobs, disputes, trust score, and flagged listing metrics are shown
• Platform controls toggle with confirmation and audit logging
• Audit log is append-only and filterable by admin, action, and date
• Dashboard handles initial load, manual refresh, loading states, empty states, and errors

Validation

• npm test
• npm run build -w apps/web
• Unauthenticated /admin returns 403
• Authenticated /admin/api/admin/metrics succeeds through the server-side proxy

[BossChaos]

Code Review — Bounty #30 ($750)

PR: Implement protected admin operations panel by @Zeinzeiya

• ✅ Admin panel implementation

Wallet: 0xdaE5d307339074A24F579dB48e7c639359D94904

Code review under Bounty #30 — API Benchmark Suite ($750)