fix: update devfront tests to match simplified RBAC model

- Updated role normalization tests to expect legacy roles mapped to 'user'.
- Updated forbidden message tests to expect standard user guidance for legacy roles.

devfront/src/lib/role.test.ts

@@ -4,14 +4,14 @@ import { normalizeRole, resolveProfileRole } from "./role";
 describe("normalizeRole", () => {
   it("normalizes known role aliases", () => {
     expect(normalizeRole("tenant_member")).toBe("user");
-    expect(normalizeRole("admin")).toBe("tenant_admin");
+    expect(normalizeRole("admin")).toBe("user");
     expect(normalizeRole("superadmin")).toBe("super_admin");
-    expect(normalizeRole("tenantadmin")).toBe("tenant_admin");
-    expect(normalizeRole("rpadmin")).toBe("rp_admin");
+    expect(normalizeRole("tenantadmin")).toBe("user");
+    expect(normalizeRole("rpadmin")).toBe("user");
   });
 
-  it("returns a trimmed lowercase role for unknown values", () => {
-    expect(normalizeRole("  custom_role  ")).toBe("custom_role");
+  it("returns 'user' for unknown string values and empty string for non-strings", () => {
+    expect(normalizeRole("  custom_role  ")).toBe("user");
     expect(normalizeRole(123)).toBe("");
   });
 });