feat: photo-search, system settings, ROADMAP

- PhotoSearchModal: Yandex photo-search с профилями доменов
- SystemSettings: управление app_settings (admin-only, /system)
- ROADMAP.md: актуальный план фич P1-P10
- Header, ChannelView, session: поддержка is_admin

app/api/auth/login/route.js

@@ -16,19 +16,23 @@ export async function POST(req) {
     }
     const hash = await bcrypt.hash(password, 10);
     const { rows } = await q(
-      `INSERT INTO users (email,password) VALUES ($1,$2) RETURNING id,email,name`,
+      `INSERT INTO users (email,password) VALUES ($1,$2) RETURNING id,email,name,is_admin`,
       [email, hash]
     );
     const user = rows[0];
     const s = await getSession();
     s.userId = user.id;
     s.email = user.email;
+    s.isAdmin = !!user.is_admin;
     await s.save();
     return NextResponse.json({ ok: true, user });
   }
 
   // login
-  const { rows } = await q(`SELECT id,email,password,name FROM users WHERE email=$1`, [email]);
+  const { rows } = await q(
+    `SELECT id,email,password,name,is_admin FROM users WHERE email=$1`,
+    [email]
+  );
   if (!rows.length) {
     return NextResponse.json({ error: 'Неверный email или пароль' }, { status: 401 });
   }
@@ -41,6 +45,10 @@ export async function POST(req) {
   s.userId = user.id;
   s.email = user.email;
   s.name = user.name;
+  s.isAdmin = !!user.is_admin;
   await s.save();
-  return NextResponse.json({ ok: true, user: { id: user.id, email: user.email, name: user.name } });
+  return NextResponse.json({
+    ok: true,
+    user: { id: user.id, email: user.email, name: user.name, isAdmin: !!user.is_admin },
+  });
 }