[Codex] fix(auth): restore admin-only access for datapoint and logic mutations#501

Open
Micsi wants to merge 1 commit into abeggled:main from Micsi:codex/fix-authorization-regression-in-datapoint-logic
Conversation

@Micsi
Collaborator

@Micsi Micsi commented May 17, 2026

Motivation

  • Revert an authorization regression that allowed any authenticated user or API key to create/update/delete DataPoints and Logic graphs and to publish datapoint writes, which could actuate devices or run attacker-controlled outbound requests.
  • Restore least-privilege behaviour so only admin principals can perform high-impact automation and execution operations while preserving read and page-context write flows.

Description

  • Require get_admin_user for datapoint mutation endpoints in obs/api/v1/datapoints.py (POST /api/v1/datapoints, PATCH /api/v1/datapoints/{id}, DELETE /api/v1/datapoints/{id}).
  • Reintroduce an explicit admin check in POST /api/v1/datapoints/{id}/value so authenticated users are allowed to write values only if users.is_admin, and keep the existing page/session checks for unauthenticated page-context writes.
  • Require get_admin_user for logic graph mutation and execution endpoints in obs/api/v1/logic.py (POST /graphs, PUT/PATCH/DELETE /graphs/{id}, POST /graphs/import, POST /graphs/{id}/run) while leaving read/list endpoints protected by get_current_user.
  • Changes are minimal and surgical: swapped dependencies to get_admin_user and added a single DB lookup-based admin guard for the direct write path; no changes to event routing or adapter write logic.

Testing

  • Ran pytest -q tests/api/test_datapoints.py tests/api/test_logic.py, which failed because the specified test paths are not present in this checkout (collection error due to missing files).
  • Ran pytest -q -k 'datapoint or logic', which attempted collection but aborted with ModuleNotFoundError: No module named 'pytest_asyncio', so tests could not be executed to completion in this environment.
  • No automated test failures were produced by the change itself in this environment because full test execution was blocked by missing test dependencies or test files.

Codex Task
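The split the description above makes (reads stay behind `get_current_user`, mutation and execution endpoints move to `get_admin_user`, and the direct value-write path checks `users.is_admin` for authenticated callers while unauthenticated page-context writes keep their page/session check) is easy to reason about when modelled as plain functions. The block below is an added illustration, not code from this PR or from the project; it uses the dependency names from the description but stands in for FastAPI with a tiny route table, and the principals, tokens and the `page_session_ok` flag are constructed for the example.

```python
"""Added example (hypothetical, not the project's code): model of the
admin-only guard the PR description applies to mutation/execution routes."""
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


class HTTPException(Exception):
    """Stand-in for FastAPI's HTTPException (assumption: same shape)."""

    def __init__(self, status_code: int, detail: str) -> None:
        super().__init__(detail)
        self.status_code = status_code
        self.detail = detail


@dataclass(frozen=True)
class User:
    username: str
    is_admin: bool


# Constructed sample principals; a real deployment would look these up in the
# users table the description refers to (users.is_admin).
USERS: Dict[str, User] = {
    "alice-token": User("alice", is_admin=True),
    "bob-token": User("bob", is_admin=False),
}


def get_current_user(token: Optional[str]) -> User:
    """Equivalent of the page's get_current_user: any authenticated principal."""
    user = USERS.get(token or "")
    if user is None:
        raise HTTPException(401, "not authenticated")
    return user


def get_admin_user(token: Optional[str]) -> User:
    """Equivalent of the page's get_admin_user: authenticated AND is_admin.
    Composing it on top of get_current_user keeps 401 vs 403 distinct."""
    user = get_current_user(token)
    if not user.is_admin:
        raise HTTPException(403, "admin privileges required")
    return user


# Route table mirroring the description's split. Read/list endpoints keep
# get_current_user; create/update/delete/import/run require get_admin_user.
ROUTES: Dict[Tuple[str, str], Callable[[Optional[str]], User]] = {
    ("GET", "/api/v1/datapoints"): get_current_user,
    ("POST", "/api/v1/datapoints"): get_admin_user,
    ("PATCH", "/api/v1/datapoints/{id}"): get_admin_user,
    ("DELETE", "/api/v1/datapoints/{id}"): get_admin_user,
    ("GET", "/graphs"): get_current_user,
    ("POST", "/graphs"): get_admin_user,
    ("PUT", "/graphs/{id}"): get_admin_user,
    ("DELETE", "/graphs/{id}"): get_admin_user,
    ("POST", "/graphs/import"): get_admin_user,
    ("POST", "/graphs/{id}/run"): get_admin_user,
}


def authorize(method: str, path: str, token: Optional[str]) -> int:
    """Return the status the dependency guard would yield: 200, 401, 403 or 404."""
    dependency = ROUTES.get((method, path))
    if dependency is None:
        return 404
    try:
        dependency(token)
    except HTTPException as exc:
        return exc.status_code
    return 200


def write_datapoint_value(token: Optional[str], page_session_ok: bool) -> int:
    """Model of POST /api/v1/datapoints/{id}/value as the description states it:
    an authenticated caller must be an admin; an unauthenticated page-context
    write falls through to the existing page/session check (modelled here by
    the constructed flag page_session_ok)."""
    if token is None:
        return 200 if page_session_ok else 401
    try:
        user = get_current_user(token)
    except HTTPException as exc:
        return exc.status_code
    return 200 if user.is_admin else 403


def permission_matrix(token: Optional[str]) -> Dict[Tuple[str, str], int]:
    """Effective outcome of every route for one principal; handy for checking
    that a non-admin retains reads but loses every mutation/execution route."""
    return {route: authorize(method, path, token) for route in ROUTES
            for (method, path) in [route]}


if __name__ == "__main__":
    for token in (None, "bob-token", "alice-token"):
        print(token, permission_matrix(token))
```

Running the module prints, for each constructed principal, the status every route would return; the non-admin row is the one to compare against the "any authenticated user can mutate" behaviour the description calls a regression.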

@Micsi Micsi added the Security Security-related changes label May 17, 2026
@abeggled abeggled self-requested a review May 17, 2026 13:44
@abeggled
Owner

abeggled commented May 17, 2026

@Micsi
A normal user should be able to use the full functionality. The admin only has user management as an additional right.
Without a sound counterargument I will close the PR, since it corresponds to the desired design and does not represent a security risk in that sense.

@Micsi
Collaborator Author

Micsi commented May 17, 2026

I disagree @abeggled. I have a rental apartment and therefore want to be able to restrict access consistently at all levels. Ultimately this concerns not only the visualization and/or logic but sooner or later has to run through the entire system.
In the medium term I would like a permissions system that builds on our hierarchy levels.
