feat(rbac): GDPR export becomes a toggleable clients.gdpr_export permission

Previously the GDPR export trigger + download routes were gated by
admin.manage_settings, so sales roles couldn't run a client data export.
Per request, make it a dedicated, toggleable permission that's on by
default for sales-capable roles and hides the button when withheld.

- New RolePermissions leaf clients.gdpr_export (+ PERMISSION_CATALOG entry);
  strict type forces every role map + fixture to declare it.
- Granted true for super_admin / director / sales_manager / sales_agent;
  false for viewer / residential_partner.
- GDPR export POST (trigger) and [exportId] GET (download) re-gated from
  admin.manage_settings -> clients.gdpr_export.
- GdprExportButton visibility now keys off clients.gdpr_export, so toggling
  it off per-user hides the function entirely.
- Migration 0098 backfills the key onto existing role rows (idempotent).

Verified end-to-end as a Sales user: trigger (202) -> worker build (ready)
-> list (200) -> download (200). 1664 vitest pass; tsc + eslint clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

tests/integration/permission-matrix.test.ts

@@ -99,6 +99,10 @@ describe('Permission Matrix - viewer', () => {
     expect(await checkPermission(ctx, 'clients', 'create')).toBe(403);
   });
 
+  it('cannot run a GDPR export', async () => {
+    expect(await checkPermission(ctx, 'clients', 'gdpr_export')).toBe(403);
+  });
+
   it('cannot update clients', async () => {
     expect(await checkPermission(ctx, 'clients', 'edit')).toBe(403);
   });
@@ -177,6 +181,10 @@ describe('Permission Matrix - sales_manager', () => {
     }
   });
 
+  it('can run a GDPR export (clients.gdpr_export)', async () => {
+    expect(await checkPermission(ctx, 'clients', 'gdpr_export')).toBe(200);
+  });
+
   it('can view audit log', async () => {
     expect(await checkPermission(ctx, 'admin', 'view_audit_log')).toBe(200);
   });