Initial commit: RSS platform phase 1 skeleton with code review fixes

Features:
- FastAPI + SQLAlchemy 2.0 async + PostgreSQL/pgvector + Redis backend
- Vue 3 + TypeScript + Element Plus frontend
- JWT auth with access/refresh tokens and revocation
- Admin/member RBAC
- RSS feed CRUD and article listing
- Settings management with Fernet encryption for sensitive values
- Redis distributed lock service
- Alembic initial migration
- Docker Compose development environment

Fixes from code review:
- Fix DB session leak in dependency injection
- Restrict registration to admin only
- Add default admin password warning
- Implement JWT refresh tokens and jti blacklist
- Strengthen password policy
- Use func.count for pagination totals
- Replace NullPool with AsyncAdaptedQueuePool
- Remove init_db from lifespan to enforce alembic migrations
- Add request_id middleware and logging filter
- Fix vite.config.ts env loading
- Add frontend token refresh interceptor
- Add Vue error handler

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

backend/app/core/rbac.py

@@ -0,0 +1,30 @@
+"""Role-based access control."""
+from enum import Enum
+
+from fastapi import Depends, HTTPException, status
+
+from app.models.user import User
+
+
+class Role(str, Enum):
+    """User roles."""
+
+    ADMIN = "admin"
+    MEMBER = "member"
+
+
+def require_admin(current_user: User) -> User:
+    """Dependency that requires admin role."""
+    if current_user.role != Role.ADMIN:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Admin privileges required",
+        )
+    return current_user
+
+
+def has_permission(user: User, required_role: Role) -> bool:
+    """Check if user has required role."""
+    if user.role == Role.ADMIN:
+        return True
+    return user.role == required_role