[TESTING] Add comprehensive unit tests for permission system

[itigges22]

Description

Current State

The permission system is critical for security but has zero automated tests. The package.json references a test file that doesn't exist:

"test:unit": "npx tsx __tests__/lib/permission-checker.test.ts"

The permission system has:

• ~40 permissions with complex evaluation logic
• 5-minute TTL cache that could have stale data bugs
• Context-aware checks (projectId, accountId, departmentId)
• Override permissions (VIEW_ALL_PROJECTS bypasses assignment check)
• Hierarchical permission inheritance

Desired Outcome

Create __tests__/lib/permission-checker.test.ts testing:

describe('checkPermissionHybrid', () => {
  it('allows superadmins to bypass all checks', async () => { });
  it('allows override permissions without context', async () => { });
  it('requires context for base permissions', async () => { });
  it('denies when base permission missing', async () => { });
  it('uses cached result within TTL', async () => { });
  it('refreshes cache after TTL expires', async () => { });
});

describe('isAssignedToProject', () => {
  it('returns true for assigned users', async () => { });
  it('returns false for unassigned users', async () => { });
  it('ignores removed_at assignments', async () => { });
});

How to get started

1. Read lib/permission-checker.ts to understand the logic
2. Set up Vitest: npm install -D vitest @testing-library/react
3. Create mock Supabase client for testing
4. Test each public function

Bonus

Add integration tests with real Supabase for __tests__/integration/permissions-integration.test.ts

Acceptance Criteria

• __tests__/lib/permission-checker.test.ts exists with 10+ tests
• All public functions have at least one test
• Cache behavior is tested
• npm run test:unit passes