Fix production network issues on app.simplemodule.dev

[antosubash]

Summary

Live probing of https://app.simplemodule.dev surfaced three user-visible network problems; this PR fixes all three:

• /swagger 404 — the Dashboard landing advertises an API Docs link but Swagger UI is only mounted in Development. The isDevelopment prop is already available at the endpoint; threaded through DashboardView and used to gate both the card and the footer link.
• /favicon.ico 404 on every page load — wwwroot only ships favicon.svg; browsers still auto-fetch the .ico path. Added a small MapGet("/favicon.ico") in the host that serves the existing SVG bytes with image/svg+xml.
• Sidebar shows Files and Datasets to users who can't open them — both endpoints are gated with .RequirePermission(...) but MenuItem only had a Roles filter, so the menu was incoherent with authorization and every click 302'd to AccessDenied. Added:
  • MenuItem.RequiredPermission (nullable string).
  • ClaimsPrincipal.HasPermission(permission) extension — admin bypass + exact match + wildcard via existing PermissionMatcher.
  • InertiaLayoutDataMiddleware now filters menus by both role and permission in a single compound predicate.
  • FileStorageModule and DatasetsModule set RequiredPermission = XxxPermissions.View on their sidebar entries.
  • PermissionAuthorizationHandler now delegates to HasPermission so the admin-bypass + wildcard-match logic lives in one place.
  • The "permission" claim type string is lifted to a new WellKnownClaims.Permission constant and used in both call sites.

No menu change needed for Map/Layer Sources, Products, Chat, Orders, or Settings — those endpoints are AllowAnonymous() or accept any authenticated user. Admin and PageBuilder were already role-gated.

Test plan

• dotnet build — clean
• dotnet test tests/SimpleModule.Core.Tests — 259/259 pass (includes 6 new HasPermission tests and the existing PermissionAuthorizationHandler tests that exercise the refactored delegation)
• dotnet test modules/FileStorage/tests/SimpleModule.FileStorage.Tests — 44/44
• dotnet test modules/Datasets/tests/SimpleModule.Datasets.Tests — 4/4
• After deploy: sign in as the seeded User — sidebar should no longer show Files or Datasets; dashboard cards should not include API Docs; curl -I https://app.simplemodule.dev/favicon.ico should return 200
• After deploy: sign in as the seeded Admin — Files and Datasets should appear and open without AccessDenied

[cloudflare-workers-and-pages]

Deploying simplemodule-website with    Cloudflare Pages

Latest commit:	fc6574e
Status:	✅  Deploy successful!
Preview URL:	https://b608eddd.simplemodule-website.pages.dev
Branch Preview URL:	https://feature-agitated-curran.simplemodule-website.pages.dev

View logs