feat(auth): Add external authentication (OAuth/OIDC & LDAP) with admin management, UI, and encryption support

ui/src/app/core/guards/admin.guard.ts

@@ -0,0 +1,27 @@
+import { inject } from '@angular/core';
+import { Router, type CanActivateFn } from '@angular/router';
+import { AuthService } from '../services/auth.service';
+
+export const adminGuard: CanActivateFn = async () => {
+  const authService = inject(AuthService);
+  const router = inject(Router);
+
+  // First check if authenticated
+  if (!authService.isAuthenticated()) {
+    // Try to refresh the token
+    const refreshed = await authService.refreshAccessToken();
+    if (!refreshed) {
+      router.navigate(['/login']);
+      return false;
+    }
+  }
+
+  // Then check if admin
+  if (!authService.isAdmin()) {
+    // Not an admin, redirect to dashboard
+    router.navigate(['/dashboard']);
+    return false;
+  }
+
+  return true;
+};