Add admin account page for PHP password management

Implements the admin user management UI as a self-contained PHP password
change/set flow — no SSH or sudo required.

- public/admin/account.php: shows auth status (PHP hash present, credentials
  file path), password change form (requires current password when one exists,
  min 12 chars, confirm field), and a danger-zone form to delete the
  credentials file entirely
- public/admin/actions/account.php: CSRF-guarded POST handler; verifies
  current password via AdminAuth::login() before accepting a new one;
  generates bcrypt (cost 12) hash; writes config/admin_credentials.php
  atomically via a temp file + rename; regenerates session on success;
  redirects to /admin/login.php when credentials are deleted
- templates/admin/head.php: 'Compte' nav link added (active on account.php)
- public/assets/admin.css: .admin-account-status, .admin-section-title,
  .admin-field-hint, .admin-danger-zone component styles added

Note: the nginx htpasswd flow (manage-admin-users.sh) requires root on the
server and is intentionally kept as a CLI-only operation.

TODO.md

@@ -333,4 +333,4 @@ Goal: rename the tables and column to the canonical M2M pattern (`tags`, `thesis
 - [x] Add server status view in admin panel (nginx + php-fpm health, site HTTP check)
 - [x] Add server log viewer in admin panel (tail nginx error/access logs via SSH or log endpoint)
 - [ ] Add nginx config deploy flow to admin panel (upload `scripts/deploy-server.sh`, run remotely)
-- [ ] Add admin user management UI (wraps `scripts/manage-admin-users.sh` on server)
+- [x] Add admin user management UI — password change/set for PHP auth layer (`public/admin/account.php` + `actions/account.php`; "Compte" nav link; account CSS)