feat(opsserver): add admin user create/delete management and default hosted idp.global auth support

ts/opsserver/handlers/users.handler.ts

@@ -3,7 +3,7 @@ import type { OpsServer } from '../classes.opsserver.js';
 import * as interfaces from '../../../ts_interfaces/index.js';
 
 /**
- * Read-only handler for OpsServer user accounts. Registers on adminRouter,
+ * Handler for OpsServer user accounts. Registers on adminRouter,
  * so admin middleware enforces auth + role check before the handler runs.
  * User data is owned by AdminHandler; this handler just exposes a safe
  * projection of it via TypedRequest.
@@ -16,7 +16,7 @@ export class UsersHandler {
   private registerHandlers(): void {
     const router = this.opsServerRef.adminRouter;
 
-    // List users (admin-only, read-only)
+    // List users (admin-only)
     router.addTypedHandler(
       new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_ListUsers>(
         'listUsers',
@@ -26,5 +26,28 @@ export class UsersHandler {
         },
       ),
     );
+
+    router.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_CreateUser>(
+        'createUser',
+        async (dataArg) => this.opsServerRef.adminHandler.createUser({
+          email: dataArg.email,
+          name: dataArg.name,
+          role: dataArg.role,
+          password: dataArg.password,
+          enableIdpGlobalAuth: dataArg.enableIdpGlobalAuth,
+        }),
+      ),
+    );
+
+    router.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_DeleteUser>(
+        'deleteUser',
+        async (dataArg) => this.opsServerRef.adminHandler.deleteUser({
+          id: dataArg.id,
+          requestingUserId: dataArg.identity.userId,
+        }),
+      ),
+    );
   }
 }