(feature) Add read-only access level to control panel

Introduce a central access policy that lets authenticated non-staff users view
backup status pages while keeping credentials, logs, configs, and mutating
actions staff-only.

Hide sensitive navigation and host controls for read-only users, expose only
the status API to authenticated viewers, and document the two access levels.

src/pobsync_server/settings.py

@@ -48,6 +48,7 @@ TEMPLATES = [
                 "django.template.context_processors.request",
                 "django.contrib.auth.context_processors.auth",
                 "django.contrib.messages.context_processors.messages",
+                "pobsync_backend.context_processors.pobsync_access",
             ],
         },
     },
@@ -55,6 +56,8 @@ TEMPLATES = [
 
 WSGI_APPLICATION = "pobsync_server.wsgi.application"
 
+LOGIN_URL = "/admin/login/"
+
 
 def _database_config() -> dict[str, object]:
     engine = os.getenv("POBSYNC_DB_ENGINE", "sqlite").strip().lower()