Overhaul nav, fix DB transaction bugs, add admin UI

- Replace nav user area with display name (non-clickable), gear settings
  modal, admin button (admins only), and logout button
- Settings modal handles display name, timezone, and password change
- Add admin.html + admin.js: user table with reset PW, disable/enable,
  login-as (impersonation), and delete; return-to-admin flow in nav
- Add is_admin to UserResponse so frontend can gate the Admin button
- Fix all db.begin() bugs in admin.py and users.py (transaction already
  active from get_current_user query; use commit() directly instead)
- Add email-validator and pin bcrypt==4.0.1 for passlib compatibility
- Add escHtml() to api.js and admin API namespace
- Group nav brand + links in nav-left for left-aligned layout

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

frontend/profile.html

@@ -10,8 +10,10 @@
 <body>
 
 <nav>
-  <a href="/index.html" class="nav-brand">🥃 Bourbonacci</a>
-  <div class="nav-links" id="nav-links"></div>
+  <div class="nav-left">
+    <a href="/index.html" class="nav-brand">🥃 Bourbonacci</a>
+    <div class="nav-links" id="nav-links"></div>
+  </div>
   <div id="nav-user"></div>
 </nav>
 
@@ -59,13 +61,6 @@
       <button type="submit" class="btn btn-primary" id="btn-pw">Update Password</button>
     </form>
   </div>
-
-  <!-- Danger -->
-  <div class="card" style="border-color:var(--danger-dim)">
-    <div class="card-title" style="color:#e07060">Danger Zone</div>
-    <p style="color:var(--cream-dim);font-size:.9rem;margin-bottom:1rem">Sign out of your account on this device.</p>
-    <button class="btn btn-danger" onclick="Auth.logout()">Logout</button>
-  </div>
 </main>
 
 <script src="/js/api.js"></script>