feat: replace hardcoded permission map with direct OAuth2 scope checks

Remove role-to-permission mapping (usePermissions, RequirePermission) and replace
with direct scope reads from the Logto access token JWT. OrgResolver decodes the
scope claim after /api/me resolves and stores scopes in Zustand. RequireScope and
useScopes replace the old hooks/components across all pages.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

ui/src/types/api.ts

@@ -86,7 +86,6 @@ export interface LogEntry {
 
 export interface MeResponse {
   userId: string;
-  isPlatformAdmin: boolean;
   tenants: Array<{
     id: string;
     name: string;