feat: implement group-based access control (Admin, Standard_User, Leadership, Read_Only)

- Add user_group migration and created_by column migration
- Replace requireRole middleware with requireGroup
- Update all backend routes to use group-based authorization
- Add Standard_User conditional delete with ownership, state, and compliance checks
- Add cascade impact check for CVE deletes
- Update AuthContext with group-based permission helpers
- Update all frontend components for group-based rendering
- Update UserManagement UI with group dropdown, confirmation dialogs, self-demotion prevention

backend/routes/knowledgeBase.js

@@ -1,7 +1,7 @@
 const express = require('express');
 const path = require('path');
 const fs = require('fs');
-const { requireAuth, requireRole } = require('../middleware/auth');
+const { requireAuth, requireGroup } = require('../middleware/auth');
 const logAudit = require('../helpers/auditLog');
 
 function createKnowledgeBaseRouter(db, upload) {
@@ -40,7 +40,7 @@ function createKnowledgeBaseRouter(db, upload) {
   }
 
   // POST /api/knowledge-base/upload - Upload new document
-  router.post('/upload', requireAuth(db), requireRole(db, 'editor', 'admin'), (req, res, next) => {
+  router.post('/upload', requireAuth(db), requireGroup('Admin', 'Standard_User'), (req, res, next) => {
     upload.single('file')(req, res, (err) => {
       if (err) {
         console.error('[KB Upload] Multer error:', err);
@@ -302,7 +302,7 @@ function createKnowledgeBaseRouter(db, upload) {
   });
 
   // DELETE /api/knowledge-base/:id - Delete article
-  router.delete('/:id', requireAuth(db), requireRole(db, 'editor', 'admin'), (req, res) => {
+  router.delete('/:id', requireAuth(db), requireGroup('Admin', 'Standard_User'), (req, res) => {
     const { id } = req.params;
 
     const sql = 'SELECT file_path, title FROM knowledge_base WHERE id = ?';