feat: add user management API (create, update, delete, reset-password)

- New /api/v1/users endpoints for team management
- Role-based permissions (owner can do all, admin can manage managers/users)
- Role hierarchy: owner (CEO) > admin > manager > user
- Soft delete with token revocation

src/main.ts

@@ -3,6 +3,7 @@ import "@std/dotenv/load";
 
 // Routes
 import { authRouter } from "./routes/auth.ts";
+import { usersRouter } from "./routes/users.ts";
 import { contactsRouter } from "./routes/contacts.ts";
 import { companiesRouter } from "./routes/companies.ts";
 import { dealsRouter } from "./routes/deals.ts";
@@ -139,6 +140,14 @@ app.use(async (ctx, next) => {
           "POST /api/v1/auth/verify-email": "Verify email address",
           "GET /api/v1/auth/me": "Get current user",
         },
+        users: {
+          "GET /api/v1/users": "List organization users (admin/owner)",
+          "GET /api/v1/users/:id": "Get user details",
+          "POST /api/v1/users": "Create/invite new user (admin/owner)",
+          "PUT /api/v1/users/:id": "Update user (admin/owner)",
+          "DELETE /api/v1/users/:id": "Delete user (admin/owner)",
+          "POST /api/v1/users/:id/reset-password": "Reset user password (admin/owner)",
+        },
         contacts: {
           "GET /api/v1/contacts": "List contacts",
           "GET /api/v1/contacts/stats": "Contact statistics",
@@ -214,6 +223,9 @@ app.use(async (ctx, next) => {
 app.use(authRouter.routes());
 app.use(authRouter.allowedMethods());
 
+app.use(usersRouter.routes());
+app.use(usersRouter.allowedMethods());
+
 app.use(contactsRouter.routes());
 app.use(contactsRouter.allowedMethods());