fix(auth): include legacy role column in getRoles query

The superadmin role was stored in users.role column but getRoles()
only checked user_roles table. Updated to use UNION query that
combines both sources for backward compatibility.

Fixes 403 Forbidden on /api/v1/users for admin users.

backend/internal/infrastructure/persistence/postgres/user_repository.go

@@ -162,7 +162,14 @@ func (r *UserRepository) Delete(ctx context.Context, id string) error {
 }
 
 func (r *UserRepository) getRoles(ctx context.Context, userID string) ([]entity.Role, error) {
-	rows, err := r.db.QueryContext(ctx, `SELECT role FROM user_roles WHERE user_id = $1`, userID)
+	// Query both user_roles table AND legacy role column from users table
+	// This ensures backward compatibility with users who have role set in users.role
+	query := `
+		SELECT role FROM user_roles WHERE user_id = $1
+		UNION
+		SELECT role FROM users WHERE id = $1 AND role IS NOT NULL AND role != ''
+	`
+	rows, err := r.db.QueryContext(ctx, query, userID)
 	if err != nil {
 		return nil, err
 	}