Feat/add role permission helpers

[AAdewunmi]

Summary

Add reusable role permission helpers and align role access with the current StudyBuddy user-role relationship.

Changes

• Added role-aware helper coverage for user_has_role and user_has_any_role.
• Fixed permission helpers to use user.studybuddy_roles.
• Confirmed anonymous users fail role checks.
• Confirmed superusers pass role checks.
• Kept role checks out of templates by passing display-only role context from views.
• Updated authentication/access-control documentation to describe the current role model, routes, dashboard flow, and permission helper behavior.

Behavior

• Role checks now use the correct studybuddy_roles relation.
• Future role-aware views can enforce access through permission helpers/decorators.
• Templates only display role data passed by views and do not perform permission decisions.

Why

This prepares StudyBuddy for future role-aware product features while keeping authorization logic centralized in Python instead of scattered through templates.

Validation

• Roles tests passed.
• Auth view tests passed.
• Black passed.
• Ruff passed.
• Full test suite passed.

Result

StudyBuddy now has a tested role-permission foundation that matches the current custom user and role models and is ready for future access-controlled features.

Notes

• role_required() is available for future protected views, but no Sprint 1 dashboard access depends on roles yet.
• The dashboard remains login-protected, not role-protected.
• Role display in dashboard/profile is presentation only.
• Permission decisions should stay in views, decorators, or service code using apps.roles.permissions.
• The current user-side role relation is user.studybuddy_roles, not user.roles.
• Full suite currently passes with 43 passed.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!