feat: add admin_engine and get_admin_db for BYPASSRLS admin endpoints

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/app/core/admin_database.py

@@ -0,0 +1,36 @@
+# backend/app/core/admin_database.py
+"""
+Admin database engine — connects as resolutionflow_admin (BYPASSRLS).
+
+Use ONLY for /admin/* endpoints and internal tooling.
+Never use this engine from user-facing endpoints.
+"""
+from collections.abc import AsyncGenerator
+
+from sqlalchemy.ext.asyncio import AsyncSession, async_sessionmaker, create_async_engine
+
+from app.core.config import settings
+
+admin_engine = create_async_engine(
+    settings.ADMIN_DATABASE_URL,
+    echo=settings.DEBUG,
+    future=True,
+)
+
+_admin_session_factory = async_sessionmaker(
+    admin_engine,
+    class_=AsyncSession,
+    expire_on_commit=False,
+)
+
+
+async def get_admin_db() -> AsyncGenerator[AsyncSession, None]:
+    """Yield an admin DB session (BYPASSRLS). Use only on /admin/* endpoints."""
+    async with _admin_session_factory() as session:
+        try:
+            yield session
+        except Exception:
+            await session.rollback()
+            raise
+        finally:
+            await session.close()