feat(phase4+5): role hierarchy, tenant config, fallback material, dead code removal

Phase 4.1 — Role Hierarchy:
  - UserRole enum: add global_admin (platform operator) + tenant_admin
    (per-tenant admin); keep legacy 'admin' for backward compat
  - Role sets: ADMIN_ROLES, TENANT_ADMIN_ROLES, PM_ROLES, RLS_BYPASS_ROLES
  - New auth guards: require_global_admin(), require_tenant_admin_or_above(),
    require_pm_or_above(), is_admin(), is_privileged()
  - Legacy require_admin / require_admin_or_pm now check both old+new roles
  - Migration 049: ADD VALUE global_admin + tenant_admin with AUTOCOMMIT
    workaround; backfills admin → global_admin
  - Seed: new admin users created with global_admin role

Phase 4.3 — RLS bypass updated for global_admin in get_db + set_tenant_context

Phase 4.4 — Tenant Feature Flags:
  - Migration 050: tenant_config JSONB on tenants table
  - Tenant model: tenant_config field + get_config() accessor
  - Defaults: max_concurrent_renders=3, fallback_material, invoice_prefix etc.

Phase 5.1 — Fallback Material:
  - blender_render.py: replace PALETTE_LINEAR/PALETTE_HEX/_assign_palette_material
    with _assign_failed_material() → SCHAEFFLER_059999_FailedMaterial (magenta)
  - Unmatched parts now logged explicitly before rendering

Phase 5.2 — Remove EEVEE fallback:
  - render_blender.py: EEVEE→Cycles silent retry removed; hard failure on EEVEE error

Phase 5.3 — Remove Blender version check:
  - render_blender.py: deleted MIN_BLENDER_VERSION = (5, 0, 1) constant

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/alembic/versions/049_role_hierarchy.py

@@ -0,0 +1,44 @@
+"""Extend UserRole enum: add global_admin and tenant_admin.
+
+Existing 'admin' users are backfilled to 'global_admin'.
+The legacy 'admin' value is kept in the enum so existing tokens/sessions
+remain valid during the transition period. It will be removed in a later
+cleanup migration once all call sites are updated.
+
+Revision ID: 049
+Revises: 048
+"""
+from alembic import op
+import sqlalchemy as sa
+
+revision = "049"
+down_revision = "048"
+branch_labels = None
+depends_on = None
+
+
+def upgrade() -> None:
+    # PostgreSQL requires ALTER TYPE ADD VALUE to be committed in its own transaction
+    # before the new value can be used.  Execute each ADD VALUE with AUTOCOMMIT.
+    conn = op.get_bind()
+
+    with conn.execution_options(isolation_level="AUTOCOMMIT"):
+        conn.execute(sa.text("ALTER TYPE userrole ADD VALUE IF NOT EXISTS 'global_admin'"))
+        conn.execute(sa.text("ALTER TYPE userrole ADD VALUE IF NOT EXISTS 'tenant_admin'"))
+
+    # Now in a normal transaction: backfill existing 'admin' → 'global_admin'
+    conn.execute(
+        sa.text("UPDATE users SET role = 'global_admin'::userrole WHERE role = 'admin'::userrole")
+    )
+
+
+def downgrade() -> None:
+    # Restore global_admin/tenant_admin back to admin (for rollback)
+    op.execute(
+        "UPDATE users SET role = 'admin'::userrole WHERE role = 'global_admin'::userrole"
+    )
+    op.execute(
+        "UPDATE users SET role = 'client'::userrole WHERE role = 'tenant_admin'::userrole"
+    )
+    # Note: cannot DROP enum values in PostgreSQL without recreating the type
+    # The values will remain in the enum but unused after downgrade

backend/alembic/versions/050_tenant_feature_flags.py

@@ -0,0 +1,46 @@
+"""Add tenant_config JSONB column to tenants table.
+
+Stores per-tenant feature flags and limits:
+  max_concurrent_renders, render_engines_allowed, fallback_material,
+  max_order_size, notifications_enabled, invoice_prefix.
+
+Revision ID: 050
+Revises: 049
+"""
+from alembic import op
+import sqlalchemy as sa
+from sqlalchemy.dialects.postgresql import JSONB
+
+revision = "050"
+down_revision = "049"
+branch_labels = None
+depends_on = None
+
+_DEFAULT_CONFIG = """{
+    "max_concurrent_renders": 3,
+    "render_engines_allowed": ["cycles", "eevee"],
+    "max_order_size": 500,
+    "fallback_material": "SCHAEFFLER_059999_FailedMaterial",
+    "notifications_enabled": true,
+    "invoice_prefix": "INV"
+}"""
+
+
+def upgrade() -> None:
+    op.add_column(
+        "tenants",
+        sa.Column(
+            "tenant_config",
+            JSONB,
+            nullable=True,
+            server_default=_DEFAULT_CONFIG,
+        ),
+    )
+    # Backfill existing rows with defaults
+    op.execute(
+        f"UPDATE tenants SET tenant_config = '{_DEFAULT_CONFIG}'::jsonb WHERE tenant_config IS NULL"
+    )
+
+
+def downgrade() -> None:
+    op.drop_column("tenants", "tenant_config")