feat: secure admin panel with Supabase auth + course management CRUD

- Replace ADMIN_SECRET query param with proper Supabase auth + is_admin flag
- Add admin layout with auth check (redirects non-admin to /)
- Add AdminShell component with sidebar navigation (Dashboard, Candidatures, Cours)
- Add admin dashboard with stats (candidatures, users, modules)
- Add admin candidatures page with filters and approve/reject
- Add admin course management page (create, edit, delete, publish/unpublish)
- Add API routes: GET/POST /api/admin/modules, GET/PUT/DELETE /api/admin/modules/[id]
- Add verifyAdmin() helper for API route protection
- Update database types with is_admin on profiles

https://claude.ai/code/session_01H2aRGDaKgarPvhay2HxN6Y
Claude
2026-02-10 13:25:58 +00:00
parent c4934f5669
commit 1d0bd349fd
12 changed files with 1425 additions and 359 deletions


@@ -1,5 +1,6 @@
import { NextResponse } from "next/server";
import { createAdminClient } from "@/lib/supabase/server";
import { verifyAdmin, isAdminError } from "@/lib/admin";
import { stripe } from "@/lib/stripe/client";
import { getBaseUrl } from "@/lib/utils";
@@ -7,17 +8,15 @@ export const runtime = "nodejs";
// POST /api/admin/candidatures/[id]/approve - Approuver une candidature
export async function POST(
request: Request,
_request: Request,
{ params }: { params: Promise<{ id: string }> }
) {
const { id } = await params;
const body = await request.json();
const { secret } = body;
if (!process.env.ADMIN_SECRET || secret !== process.env.ADMIN_SECRET) {
return NextResponse.json({ error: "Non autorisé." }, { status: 401 });
const auth = await verifyAdmin();
if (isAdminError(auth)) {
return NextResponse.json({ error: auth.error }, { status: auth.status });
}
const { id } = await params;
const supabase = createAdminClient();
// Récupérer la candidature