feat: 增强管理员权限与角色管理功能

- 在 SyncAdminAuthorizationCommand 中新增对代理和抽奖菜单操作的同步功能，确保缺失的菜单操作行能够被创建。
- 更新多个控制器中的权限检查逻辑，使用 hasPermissionCode 替代原有的权限验证方式，提升权限管理的灵活性。
- 引入 ApiMessage 统一错误响应格式，确保在权限不足时返回一致的错误信息。
- 更新 AdminRole 和 AdminUser 模型，增强角色与用户的权限管理功能，支持更细粒度的权限控制。

app/Models/AdminRole.php

@@ -4,7 +4,9 @@ namespace App\Models;
 
 use Illuminate\Support\Facades\DB;
 use App\Support\AdminPermissionBridge;
+use App\Support\AdminPermissionInheritance;
 use Illuminate\Database\Eloquent\Model;
+use Illuminate\Validation\ValidationException;
 use Illuminate\Database\Eloquent\Relations\BelongsToMany;
 
 final class AdminRole extends Model
@@ -106,7 +108,9 @@ final class AdminRole extends Model
      */
     public function syncLegacyPermissionSlugs(array $slugs): void
     {
-        $legacySlugs = AdminPermissionBridge::normalizeCanonicalLegacySlugs($slugs);
+        $legacySlugs = AdminPermissionInheritance::expand(
+            AdminPermissionBridge::normalizeCanonicalLegacySlugs($slugs),
+        );
 
         $codes = [];
         foreach ($legacySlugs as $slug) {
@@ -127,6 +131,17 @@ final class AdminRole extends Model
                 'menu_action_id' => (int) $mid,
             ]);
         }
+
+        $granted = $this->legacyPermissionSlugs();
+        $missing = array_values(array_diff($legacySlugs, $granted));
+        if ($missing !== []) {
+            throw ValidationException::withMessages([
+                'permission_slugs' => [
+                    'permission_catalog_incomplete: '.implode(', ', $missing)
+                    .' (run: php artisan migrate && php artisan lottery:admin-auth-sync --audit)',
+                ],
+            ]);
+        }
     }
 
     public function assignedUserCount(): int