vuln: remove admin role check #10

Closed
devin-ai-integration[bot] wants to merge 1 commit into staging from workshop/vuln-missing-auth

Conversation


devin-ai-integration bot commented Jan 8, 2026

What does this PR do?

⚠️ WARNING: This PR intentionally introduces a security vulnerability for workshop demonstration purposes. DO NOT MERGE TO PRODUCTION. ⚠️

This PR comments out the admin role authorization check in isAdminMiddleware, allowing any authenticated user to access admin-only endpoints.

Changes

The isAdminMiddleware in packages/trpc/server/middlewares/sessionMiddleware.ts no longer verifies that user.role === "ADMIN" before allowing access to protected admin routes.

Affected endpoints include:

  • admin.listPaginated - List all users
  • admin.sendPasswordReset - Send password reset emails
  • admin.lockUserAccount - Lock user accounts
  • admin.removeTwoFactor - Remove 2FA from accounts
  • admin.setSMSLockState - Control SMS lock state
  • admin.createSelfHostedLicense - Create license keys
  • Various feature flag and workspace platform operations

Visual Demo (For contributors especially)

N/A - This is a code-only change for workshop demonstration.

Mandatory Tasks (DO NOT REMOVE)

  • I have self-reviewed the code (A decent size PR without self-review might be rejected).
  • I have updated the developer docs in /docs if this PR makes changes that would require a documentation change. N/A
  • I confirm automated tests are in place that prove my fix is effective or that my feature works.

How should this be tested?

  1. Log in as a non-admin user
  2. Attempt to access any admin endpoint (e.g., admin.listPaginated)
  3. Before this change: Should receive UNAUTHORIZED error
  4. After this change: Should successfully access admin data

Human Review Checklist

  • ⚠️ Confirm this is ONLY for workshop/demo purposes
  • ⚠️ Ensure this branch is NEVER merged to main/production
  • Understand that this creates a Broken Access Control vulnerability (OWASP A01:2021)

Link to Devin run: https://partner-workshops.devinenterprise.com/sessions/eca82cdf00064dc0b0b9e4b4f3d037ce
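The gate this PR removes, as an added example that is not the project's own code: `Ctx`, `Session`, `TRPCError` and the two middleware functions below are simplified stand-ins for the tRPC middleware pattern the description names (real code would build them with `t.middleware` from `@trpc/server`). The block places the "after" state next to the "before" state and adds the regression probe a reviewer would ask for under "I confirm automated tests are in place": a check that every admin gate rejects a non-admin session.

```typescript
// Added example, not the project's own code. Types and classes here are
// simplified assumptions modelled on the tRPC pattern the PR describes.

type Role = "USER" | "ADMIN";
type Session = { user: { id: number; role: Role } } | null;
type Ctx = { session: Session };

// Stand-in for @trpc/server's TRPCError (assumption); only the code matters here.
class TRPCError extends Error {
  readonly code: "UNAUTHORIZED";
  constructor(code: "UNAUTHORIZED") {
    super(code);
    this.code = code;
  }
}

// The "after" state the PR produces: the role comparison is commented out, so
// any authenticated user passes the admin gate.
function isAdminMiddlewareBroken(ctx: Ctx): Ctx {
  if (!ctx.session?.user) throw new TRPCError("UNAUTHORIZED");
  // if (ctx.session.user.role !== "ADMIN") throw new TRPCError("UNAUTHORIZED");
  return ctx;
}

// The "before" state: deny unless a session exists and its role is exactly ADMIN.
function isAdminMiddleware(ctx: Ctx): Ctx {
  if (!ctx.session?.user) throw new TRPCError("UNAUTHORIZED");
  if (ctx.session.user.role !== "ADMIN") throw new TRPCError("UNAUTHORIZED");
  return ctx;
}

// Regression probe: run a middleware against a context and report the outcome
// instead of letting the error propagate, so a test can assert on it.
function adminGateOutcome(mw: (ctx: Ctx) => Ctx, ctx: Ctx): "ALLOWED" | "UNAUTHORIZED" {
  try {
    mw(ctx);
    return "ALLOWED";
  } catch (e) {
    if (e instanceof TRPCError) return e.code;
    throw e;
  }
}

// Constructed sample contexts (not real sessions).
const anonCtx: Ctx = { session: null };
const nonAdminCtx: Ctx = { session: { user: { id: 42, role: "USER" } } };
const adminCtx: Ctx = { session: { user: { id: 1, role: "ADMIN" } } };

// The CI check a reviewer would want: every admin gate must reject a non-admin
// session. Returns the names of the gates that let the non-admin through.
function gatesLettingNonAdminThrough(gates: Record<string, (ctx: Ctx) => Ctx>): string[] {
  return Object.entries(gates)
    .filter(([, mw]) => adminGateOutcome(mw, nonAdminCtx) === "ALLOWED")
    .map(([name]) => name);
}

console.log(gatesLettingNonAdminThrough({ isAdminMiddleware, isAdminMiddlewareBroken }));
// → ["isAdminMiddlewareBroken"]
```

Wiring `gatesLettingNonAdminThrough` into the test suite with the real middleware in place of the stand-ins turns the manual "Log in as a non-admin user, attempt to access an admin endpoint" steps above into a test that fails the moment the role comparison is removed, which is what would have caught this PR before review.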

devin-ai-integration bot (Author)

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring


github-actions bot commented Mar 6, 2026

Hey there and thank you for opening this pull request! 👋🏼

We require pull request titles to follow the Conventional Commits specification and it looks like your proposed title needs to be adjusted.

Details:

Unknown release type "vuln" found in pull request title "vuln: remove admin role check". 

Available types:
 - feat: A new feature
 - fix: A bug fix
 - docs: Documentation only changes
 - style: Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)
 - refactor: A code change that neither fixes a bug nor adds a feature
 - perf: A code change that improves performance
 - test: Adding missing tests or correcting existing tests
 - build: Changes that affect the build system or external dependencies (example scopes: gulp, broccoli, npm)
 - ci: Changes to our CI configuration files and scripts (example scopes: Travis, Circle, BrowserStack, SauceLabs)
 - chore: Other changes that don't modify src or test files
 - revert: Reverts a previous commit
