Unify flash messages: replace all legacy session key writes with App::flash()

All admin action files (account, tag, page, edit, visibility, maintenance,
publish, formulaire) now call App::flash('error'|'success', ...) instead of
writing to raw per-page session keys ($_SESSION['error'], 'admin_error',
'edit_error', 'admin_success', 'edit_success', 'form_error').

All admin display pages (add, edit, account, tags, pages, index) now include
templates/partials/flash-messages.php instead of manually reading and
unsetting the legacy session keys and inlining their own alert HTML.

App::consumeFlash() already drained all legacy key variants as a safety net,
so the partial works correctly whether called from pages that were already
migrated or any remaining stragglers. No behaviour change for end users.

public/admin/add.php

@@ -24,9 +24,9 @@ try {
     die("Erreur lors du chargement du formulaire.");
 }
 
-$error    = $_SESSION["form_error"] ?? null;
-$formData = $_SESSION["form_data"]  ?? [];
-unset($_SESSION["form_error"], $_SESSION["form_data"]);
+$formData = $_SESSION["form_data"] ?? [];
+unset($_SESSION["form_data"]);
+// Flash error consumed by the flash-messages partial below.
 
 function old($key, $default = "") {
     global $formData;
@@ -45,9 +45,7 @@ function wasSelected($key, $value) {
 <main id="main-content">
     <h1>Ajouter un TFE</h1>
 
-    <?php if ($error): ?>
-    <p role="alert" data-type="error">⚠ <?= htmlspecialchars($error) ?></p>
-    <?php endif; ?>
+    <?php include APP_ROOT . '/templates/partials/flash-messages.php'; ?>
 
     <form action="actions/formulaire.php" method="post" enctype="multipart/form-data" class="admin-form">
         <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION["csrf_token"]) ?>">