feat: secure admin panel with Supabase auth + course management CRUD

- Replace ADMIN_SECRET query param with proper Supabase auth + is_admin flag
- Add admin layout with auth check (redirects non-admin to /)
- Add AdminShell component with sidebar navigation (Dashboard, Candidatures, Cours)
- Add admin dashboard with stats (candidatures, users, modules)
- Add admin candidatures page with filters and approve/reject
- Add admin course management page (create, edit, delete, publish/unpublish)
- Add API routes: GET/POST /api/admin/modules, GET/PUT/DELETE /api/admin/modules/[id]
- Add verifyAdmin() helper for API route protection
- Update database types with is_admin on profiles

https://claude.ai/code/session_01H2aRGDaKgarPvhay2HxN6Y

app/api/admin/candidatures/route.ts

@@ -1,16 +1,15 @@
 import { NextResponse } from "next/server";
 import { createAdminClient } from "@/lib/supabase/server";
+import { verifyAdmin, isAdminError } from "@/lib/admin";
 
 export const runtime = "nodejs";
 
 // GET /api/admin/candidatures - Lister toutes les candidatures
-// Protégé par ADMIN_SECRET en query param
-export async function GET(request: Request) {
-  const { searchParams } = new URL(request.url);
-  const secret = searchParams.get("secret");
-
-  if (!process.env.ADMIN_SECRET || secret !== process.env.ADMIN_SECRET) {
-    return NextResponse.json({ error: "Non autorisé." }, { status: 401 });
+// Sécurisé par auth Supabase + vérification is_admin
+export async function GET() {
+  const auth = await verifyAdmin();
+  if (isAdminError(auth)) {
+    return NextResponse.json({ error: auth.error }, { status: auth.status });
   }
 
   const supabase = createAdminClient();