fix: filter users by company for ALL non-Admin roles

Previously only 'Seller' role was filtered, but Owner/Colaborador/Entregador roles
were not filtered, causing global admin to appear in pharmacy user lists.

backend/internal/http/handler/user_handler.go

@@ -92,9 +92,10 @@ func (h *Handler) ListUsers(w http.ResponseWriter, r *http.Request) {
 		companyFilter = &id
 	}
 
-	if strings.EqualFold(requester.Role, "Seller") {
+	// Non-admin users can only see users from their own company
+	if !strings.EqualFold(requester.Role, "Admin") {
 		if requester.CompanyID == nil {
-			writeError(w, http.StatusBadRequest, errors.New("seller must include X-Company-ID header"))
+			writeError(w, http.StatusBadRequest, errors.New("user must have a company associated"))
 			return
 		}
 		companyFilter = requester.CompanyID