feat: add multi-BU tenancy with per-user team scoping (Option B)

- Add bu_teams column to users table (migration + fresh schema)
- Create shared KNOWN_TEAMS constant and validateTeams helper
- Expose user teams in auth middleware, login, and /me responses
- Add bu_teams CRUD to user management routes with audit logging
- Make Ivanti FINDINGS_FILTERS configurable via IVANTI_BU_FILTER env var
- Add query-time team filtering to GET /findings and /findings/counts
- Update AuthContext with teams helpers and admin scope toggle
- Create AdminScopeToggle component (My Teams / All BUs)
- Scope ReportingPage findings fetch by user teams
- Scope CompliancePage team selector by user teams
- Scope ExportsPage findings exports by user teams
- Add BU teams multi-select to UserManagement create/edit forms
- Display team badges in user list table

backend/.env.example

@@ -17,6 +17,11 @@ IVANTI_API_KEY=
 IVANTI_CLIENT_ID=1550
 IVANTI_FIRST_NAME=
 IVANTI_LAST_NAME=
+# Comma-separated list of BU values to sync from Ivanti.
+# Broadening this pulls findings for additional BUs into the local cache.
+# Users see only their assigned teams' findings (filtered at query time).
+# Default if unset: NTS-AEO-ACCESS-ENG,NTS-AEO-STEAM
+IVANTI_BU_FILTER=NTS-AEO-ACCESS-ENG,NTS-AEO-STEAM
 # Set to true if behind Charter's SSL inspection proxy (replicates Python verify=False)
 IVANTI_SKIP_TLS=false
 
@@ -54,3 +59,9 @@ CARD_API_USER=
 CARD_API_PASS=
 # Set to true if behind Charter's SSL inspection proxy
 CARD_SKIP_TLS=false
+
+# GitLab Feedback Integration (bug reports and feature requests from the dashboard)
+# PAT needs 'api' scope. Project ID is the numeric ID from GitLab project settings.
+GITLAB_URL=http://steam-gitlab.charterlab.com
+GITLAB_PROJECT_ID=
+GITLAB_PAT=