refactor: full-stack restructure with multi-tenancy, workspace management, and K8s diagnostics

- Add Workspace domain (entity, repository, service, handler, DTO)
- Add multi-tenant K8s client with tenant binding and quota management
- Add K8s diagnostics client (instance diagnostics)
- Add authorization middleware (authz package)
- Restructure frontend to feature-based architecture (features/)
- Add User Management page in configuration
- Add AccessDenied page and route guards
- Refactor shared components (form inputs, layout, UI)
- Update Tailwind config for new design system
- Add comprehensive documentation (docs/, tasks/, plans)
- Improve cluster service with better kubeconfig handling
- Add tests for crypto, config, helm client, tenant binding

backend/internal/domain/entity/user.go

@@ -6,13 +6,17 @@ import (
 
 // User 用户领域实体
 type User struct {
-	ID           string
-	Username     string
-	PasswordHash string
-	Email        string
-	RevokedAfter time.Time // 全局 Token 撤销时间
-	CreatedAt    time.Time
-	UpdatedAt    time.Time
+	ID                 string
+	Username           string
+	PasswordHash       string
+	Email              string
+	Role               string
+	WorkspaceID        string
+	IsActive           bool
+	MustChangePassword bool
+	RevokedAfter       time.Time // 全局 Token 撤销时间
+	CreatedAt          time.Time
+	UpdatedAt          time.Time
 }
 
 // NewUser 创建新用户
@@ -22,6 +26,9 @@ func NewUser(username, passwordHash, email string) *User {
 		Username:     username,
 		PasswordHash: passwordHash,
 		Email:        email,
+		Role:         "user",
+		WorkspaceID:  DefaultWorkspaceID,
+		IsActive:     true,
 		RevokedAfter: time.Unix(0, 0), // 初始值：1970-01-01
 		CreatedAt:    now,
 		UpdatedAt:    now,
@@ -49,6 +56,11 @@ func (u *User) Validate() error {
 	if u.PasswordHash == "" {
 		return ErrInvalidPassword
 	}
+	if u.Role == "" {
+		u.Role = "user"
+	}
+	if u.WorkspaceID == "" && u.Role != "admin" {
+		u.WorkspaceID = DefaultWorkspaceID
+	}
 	return nil
 }
-