Refactor + feat: unify format/fichiers HTMX fragment, reorder format types, add file constraints, fix admin auth

* **Unified Format + Fichiers into a single HTMX fragment**

  * Introduced `app/public/partage/fichiers-fragment.php` as shared dynamic block returning both format checkboxes and adaptive “Fichiers” fieldset
  * Logic adapts inputs based on selected formats:

    * no selection / upload formats → standard file inputs
    * “Site web” → URL fields only
    * “Site web + upload” → file inputs + URL sub-fieldset
  * Added admin wrapper: `app/public/admin/fichiers-fragment.php` (gated via `admin_mode=1`)
  * Added `app/public/admin/format-website-fragment.php` for edit-mode website URL toggling
  * Wired route `/partage/fichiers-fragment` in `app/public/partage/index.php`
  * Refactored `form.php` (add/edit partage) to use single `#format-fichiers-block` instead of separate fragments
  * Edit mode format checkboxes now target `format-website-fragment.php` → `#edit-website-url-fieldset`
  * Added `$hxInclude` support in `checkbox-list.php` for configurable HTMX includes

* **Format system migration + ordering**

  * Migration `020_format_types_sort_and_rename.sql`:

    * added `sort_order` column to `format_types`
    * inserted new format **Image**
    * defined ordering: Écriture · Image · Audio · Vidéo · Site web · Performance · Objet éditorial · Installation · Autre
  * `Database.php`: format queries now use `ORDER BY sort_order, id`
  * `fichiers-fragment.php`:

    * uses ordered format list
    * resolves Image/Vidéo/Audio by name
    * introduces `$hasImage` flag
    * preserves `admin_mode` across HTMX requests

* **File constraints and UX updates**

  * Enforced **100 MB PDF limit**

    * `ThesisCreateController`: `MAX_PDF_SIZE = 100MB` for PDFs only
    * `ThesisEditController`: same PDF-specific constraint applied
    * Other file types remain capped at 500 MB
  * Updated UI hints in `fichiers-fragment.php` and edit form:

    * explicitly mention 100 MB PDF limit
    * added reference to `bentopdf.com` for compression guidance
  * `file-field.php`: added `$hintRaw` to allow HTML rendering in hints

* **Admin authentication fix**

  * Fixed missing auth in admin fragments
  * Added `require_once AdminAuth.php`
  * Replaced direct usage with `AdminAuth::requireLogin()`
  * Applied consistent pattern with existing fragment authentication approach

* **Migrations included**

  * `019_add_ecriture_format.sql`
  * `020_format_types_sort_and_rename.sql`

* **Files affected**

  * Controllers: `ThesisCreateController`, `ThesisEditController`
  * DB layer: `Database.php`
  * Public fragments: `partage/fichiers-fragment.php`, `admin/fichiers-fragment.php`, `admin/format-website-fragment.php`
  * Templates: `form.php`, `checkbox-list.php`, `file-field.php`
  * Routing: `partage/index.php`
  * Misc: `TODO.md`

This consolidates format normalization, HTMX UI simplification, file validation rules, and admin stability fixes into a single coherent system update.

app/templates/partials/form/file-field.php

@@ -14,6 +14,7 @@
 
 $accept   = $accept   ?? '';
 $hint     = $hint     ?? null;
+$hintRaw  = $hintRaw  ?? false; // when true, $hint is emitted as raw HTML
 $required = $required ?? false;
 $multiple = $multiple ?? false;
 $id       = $id       ?? $name;
@@ -31,9 +32,9 @@ $previewId = 'fp-' . htmlspecialchars($id);
                data-preview="<?= $previewId ?>">
         <div id="<?= $previewId ?>" class="file-preview-list" aria-live="polite"></div>
         <?php if ($hint): ?>
-        <small><?= htmlspecialchars($hint) ?></small>
+        <small><?= $hintRaw ? $hint : htmlspecialchars($hint) ?></small>
         <?php endif; ?>
     </div>
 </div>
 <?php
-unset($accept, $hint, $required, $multiple, $id, $previewId);
+unset($accept, $hint, $hintRaw, $required, $multiple, $id, $previewId);