feat(auth): introduce explicit planning read permission

packages/db/src/reset-dispo-import.ts

@@ -6,6 +6,7 @@ import { SystemRole } from "@capakraken/shared";
 import { PrismaClient } from "@prisma/client";
 import { assertDestructiveDbAllowed } from "./destructive-db-guard.js";
 import { loadWorkspaceEnv, resolveWorkspacePath } from "./load-workspace-env.js";
+import { buildSystemRoleConfigSeedData } from "./system-role-config-defaults.js";
 
 loadWorkspaceEnv();
 
@@ -139,6 +140,20 @@ async function bootstrapPlatform(adminEmail: string, adminPassword: string, admi
     },
   });
 
+  for (const config of buildSystemRoleConfigSeedData()) {
+    await prisma.systemRoleConfig.upsert({
+      where: { role: config.role },
+      update: {
+        label: config.label,
+        description: config.description,
+        defaultPermissions: config.defaultPermissions,
+        color: config.color,
+        sortOrder: config.sortOrder,
+      },
+      create: config,
+    });
+  }
+
   return admin;
 }