feat(admin): affiliate/personal discounts, user-videos, internal routes, authz

Closes the remaining legacy-admin gaps:
- Users «مدیریت» modal: create personal discount or affiliate code (owner_user_id +
  owner_profit_percentage on existing /v1/discounts), and view the user's saved
  projects ("videos") via new admin GET /v1/saved-projects/by-user/{id} (studio)
- Internal routes admin (/admin/routes): CRUD on content.internal_routes
  (RoutesController + CmsService + gateway /v1/routes/*)
- Security: lock identity UsersController Search + Ban to [Authorize(Roles="Admin")]

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

services/studio/FlatRender.StudioSvc/Controllers/StudioController.cs

@@ -19,6 +19,12 @@ public class StudioController(StudioService svc) : ControllerBase
     public async Task<IActionResult> List([FromQuery] SavedProjectListRequest req) =>
         Ok(await svc.ListProjectsAsync(UserId, req));
 
+    // Admin: view any user's saved projects ("user videos" viewer).
+    [HttpGet("by-user/{userId:guid}")]
+    [Authorize(Roles = "Admin")]
+    public async Task<IActionResult> ListByUser(Guid userId, [FromQuery] SavedProjectListRequest req) =>
+        Ok(await svc.ListProjectsAsync(userId, req));
+
     [HttpGet("{id:guid}")]
     public async Task<IActionResult> Get(Guid id) =>
         Ok(await svc.GetProjectAsync(id, UserId));