refactor(ui): semantic token theming + cleaner SaaS palette

Replace the brittle 266-rule `:root.light` `!important` override block with a
Tailwind v4 `@theme inline` semantic token system (surface/header/card/inner/
field/line/fg/fg-muted/fg-faint + success/info/primary/warning/danger/rose/
violet/sky/orange/blue, each with vivid/soft/line). Migrate all 14 components
and App.tsx off hardcoded slate/hex utilities onto the tokens, so dark/light
is now a pure CSS-variable swap with no per-utility overrides.

- index.css ~984 -> ~150 lines; CSS bundle 145 -> 98 kB
- calmer, desaturated accents; removed gratuitous glows and constant pulsing
- branding, playful copy and intentionally-dark code blocks preserved

Also wires `requireAdmin` onto settings, bookings-delete, database, checkmk,
semaphore and caddy routes.

ARCHITECTURE.md

@@ -36,7 +36,7 @@
 
 ```
 +-----------------------------------------------------------------------------+
-|                              GHOSTGRID PLATFORM                              |
+|                              GHOSTGRID PLATFORM                             |
 +-----------------------------------------------------------------------------+
 |  +---------------------------------------------------------------------+    |
 |  |                         PRESENTATION LAYER                          |    |
@@ -49,7 +49,7 @@
 |                                     |  authFetch > Bearer <JWT>             |
 |  +---------------------------------------------------------------------+    |
 |  |                  APPLICATION LAYER (server.ts)                      |    |
-|  |  Single Express process — serves API + frontend                    |    |
+|  |  Single Express process — serves API + frontend                    |     |
 |  |  +-----------+ +-----------+ +-----------+ +-----------+ +--------+ |    |
 |  |  |   Auth    | |  Devices  | |   Labs    | | Bookings  | |  Logs  | |    |
 |  |  | (JWT/MSAL)| |   CRUD    | |   CRUD    | |   CRUD    | |        | |    |