Add View As (impersonation) feature for Admin users

Allow Admin users to temporarily view the app as another user to verify
permissions and team scoping without switching accounts.

Backend:
- Migration: add impersonate_user_id column to sessions table
- requireAuth(): when impersonation is active, override req.user with
  target user's identity; store real admin identity in req.realUser
- POST /api/auth/impersonate: start impersonation (Admin only, cannot
  impersonate self or other Admins)
- POST /api/auth/stop-impersonate: end impersonation, revert to real user
- GET /api/auth/me: returns impersonating flag and realUser when active
- Audit logging on impersonate start/stop

Frontend:
- AuthContext: add impersonating, realUser state; startImpersonation()
  and stopImpersonation() helpers
- ImpersonationBanner: fixed amber banner showing target user identity
  with Exit button
- UserManagement: Eye icon button on each non-Admin user row to start
  View As (visible only to Admin, hidden for self and other Admins)
- App.js: mount ImpersonationBanner at top of authenticated view

frontend/src/App.js

@@ -8,6 +8,7 @@ import AuditLog from './components/AuditLog';
 import NvdSyncModal from './components/NvdSyncModal';
 import NavDrawer from './components/NavDrawer';
 import AdminScopeToggle from './components/AdminScopeToggle';
+import ImpersonationBanner from './components/ImpersonationBanner';
 import VulnerabilityTriagePage from './components/pages/ReportingPage';
 import KnowledgeBasePage from './components/pages/KnowledgeBasePage';
 import ExportsPage from './components/pages/ExportsPage';
@@ -75,6 +76,7 @@ export default function App() {
 
   return (
     <div className="min-h-screen bg-intel-darkest grid-bg p-6 relative overflow-hidden fade-in">
+      <ImpersonationBanner />
       <NavDrawer
         isOpen={navOpen}
         onClose={() => setNavOpen(false)}