Replace HTMX+PHP file upload queues with client-side JS

Drops the session-backed HTMX incremental upload system in favour of a
single JS module that manages `File` objects client-side and injects
them into `FormData` on submit.

Key changes:

* `file-upload-queue.js`: client-side queues with validation, reorder
  (SortableJS), removal, dirty-state tracking, and fetch-based submit
  with manual redirect handling
* `fichiers-fragment.php`: empty queue containers for JS-managed queues;
  HTMX format switching still works with queue rehydration after swap;
  annexe uploads now support multiple files
* Form UI cleanup: moved existing files and cover preview into the
  `Fichiers` fieldset (edit mode); removed redundant queue labels while
  keeping labels for single-file inputs (`couverture`,
  `note d'intention`); added delete buttons for existing files
* `ThesisFileHandler.php`: added
  `handleTfeQueueFiles()`/`handleAnnexeQueueFiles()` reading from
  `$_FILES['queue_file']`; introduced `extractFilesSubArray()` for
  nested upload arrays; removed session-based queue handling
* `ThesisCreateController.php` &
  `ThesisEditController.php`: switched to extracted
  `['queue_file']` uploads
* `beforeunload-guard.js`: now also watches
  `window.__xamxamDirty`
* Deleted obsolete PHP upload/remove/reorder queue endpoints for
  `partage` and `admin`
* Cleaned up route dispatch in `partage/index.php`
* Misc form and styling updates in templates/CSS
* Added `docs/cms-migration-plan.html`

app/public/admin/add.php

@@ -55,7 +55,7 @@ function wasSelected($key, $value) {
 $isAdmin = true;
 $bodyClass = 'admin-body';
 $extraCss  = ['/assets/css/form.css'];
-$extraJs   = ['/assets/js/file-upload-queue.js', '/assets/js/beforeunload-guard.js'];
+$extraJs   = ['/assets/js/sortable.min.js', '/assets/js/file-upload-queue.js', '/assets/js/beforeunload-guard.js'];
 require_once APP_ROOT . '/templates/head.php';
 include APP_ROOT . '/templates/header.php';
 include APP_ROOT . '/templates/admin/add.php';

app/public/admin/edit.php

@@ -40,7 +40,7 @@ try {
 
 $isAdmin = true; $bodyClass = 'admin-body';
 $extraCss  = ['/assets/css/form.css'];
-$extraJs   = ['/assets/js/file-upload-queue.js', '/assets/js/beforeunload-guard.js'];
+$extraJs   = ['/assets/js/sortable.min.js', '/assets/js/file-upload-queue.js', '/assets/js/beforeunload-guard.js'];
 require_once APP_ROOT . '/templates/head.php';
 include APP_ROOT . '/templates/header.php';
 include APP_ROOT . '/templates/admin/edit.php';

app/public/admin/remove-tfe-file.php

@@ -1,12 +0,0 @@
-<?php
-/**
- * remove-tfe-file.php (admin)
- *
- * Admin-gated wrapper for the remove-tfe-file fragment.
- */
-require_once __DIR__ . '/../../bootstrap.php';
-require_once __DIR__ . '/../../src/AdminAuth.php';
-App::boot();
-AdminAuth::requireLogin();
-
-require_once __DIR__ . '/../partage/remove-tfe-file.php';

app/public/admin/upload-tfe-file.php

@@ -1,12 +0,0 @@
-<?php
-/**
- * upload-tfe-file.php (admin)
- *
- * Admin-gated wrapper for the upload-tfe-file fragment.
- */
-require_once __DIR__ . '/../../bootstrap.php';
-require_once __DIR__ . '/../../src/AdminAuth.php';
-App::boot();
-AdminAuth::requireLogin();
-
-require_once __DIR__ . '/../partage/upload-tfe-file.php';