Gate Gastown UI to Kilo admins only #537

@jrf0110

Overview

Gastown is not yet ready for general availability. Gate all Gastown UI routes and API access behind the is_admin flag on kilocode_users so only Kilo team members can see and use it.

Parent: #204

What to gate

  • Next.js routes: All /gastown/* pages should redirect non-admins to a 404 or the home page
  • tRPC procedures: Any Gastown-related tRPC mutations/queries should check ctx.user.is_admin and throw FORBIDDEN for non-admins
  • Gastown worker routes: The CF Access perimeter already restricts access, but add an explicit admin check on the /api/users/:userId/towns and /api/orgs/:orgId/towns routes using the caller's identity
  • Navigation: Hide Gastown nav items (sidebar links, menu entries) for non-admin users

Implementation

A simple middleware/guard check at each entry point:

// Next.js page guard
if (!user?.is_admin) redirect('/');

// tRPC procedure guard
const gastownAdminProcedure = protectedProcedure.use(({ ctx, next }) => {
  if (!ctx.user.is_admin) throw new TRPCError({ code: 'FORBIDDEN' });
  return next();
});

Removal

This gate is temporary. Remove it when Gastown is ready for beta/GA. Track removal in a separate issue at that time.

Acceptance criteria

  • Non-admin users cannot access any /gastown/* page
  • Non-admin users cannot call any Gastown tRPC procedures
  • Gastown nav items are hidden for non-admin users
  • Admin users see and use Gastown normally
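
One way to write the worker-route check from "What to gate", as an added example that is not code from the issue or the Kilo code base. The function names, the in-memory USERS map and the 401/403 split are assumptions; only the two route patterns and the is_admin flag come from the issue.

```javascript
// Constructed sample rows standing in for kilocode_users (not real data).
const USERS = new Map([
  ['u-admin', { id: 'u-admin', is_admin: true }],
  ['u-member', { id: 'u-member', is_admin: false }],
  ['u-badtype', { id: 'u-badtype', is_admin: 'true' }], // wrong type on purpose
]);

// The two worker routes named in the issue, including any sub-paths.
const GATED_WORKER_ROUTES = [
  /^\/api\/users\/[^/]+\/towns(?:\/.*)?$/,
  /^\/api\/orgs\/[^/]+\/towns(?:\/.*)?$/,
];

// Fail closed: a missing user or a non-boolean flag is treated as non-admin.
function isGastownAdmin(user) {
  return user != null && user.is_admin === true;
}

// callerId is the authenticated caller's identity (assumed to come from the
// verified session). The :userId or :orgId segment of the path is never used
// for the admin lookup, so requesting an admin's path grants nothing.
function authorizeWorkerRequest(pathname, callerId) {
  const gated = GATED_WORKER_ROUTES.some((re) => re.test(pathname));
  if (!gated) return { allow: true };

  const caller = callerId ? USERS.get(callerId) : undefined;
  if (!caller) return { allow: false, status: 401 };
  if (!isGastownAdmin(caller)) return { allow: false, status: 403 };
  return { allow: true };
}
```

The decision depends only on who is calling, so a non-admin gets 403 on /api/users/u-admin/towns even though the path names an admin account.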

Labels: enhancement, kilo-auto-fix, kilo-triaged