feat: complete fine-grained RBAC rules across all roles

- Restricted Agent view to own dashboard and hid management tabs.

- Allowed Managers to create teams and members but restricted them from editing roles or emails.

- Allowed Admins to update their own email via profile.

- Protected Admin roles from being modified by anyone other than Super Admins.

pages/TeamManagement.tsx

@@ -232,10 +232,19 @@ export const TeamManagement: React.FC = () => {
               <div className="grid grid-cols-2 gap-4">
                 <div>
                   <label className="text-xs font-bold text-zinc-500 dark:text-dark-muted uppercase mb-1 block">Função</label>
-                  <select value={formData.role} onChange={e => setFormData({...formData, role: e.target.value as any})} className="w-full bg-white dark:bg-dark-input border border-zinc-200 dark:border-dark-border p-3 rounded-lg text-sm text-zinc-900 dark:text-dark-text">
+                  <select 
+                    value={formData.role} 
+                    onChange={e => setFormData({...formData, role: e.target.value as any})} 
+                    className="w-full bg-white dark:bg-dark-input border border-zinc-200 dark:border-dark-border p-3 rounded-lg text-sm text-zinc-900 dark:text-dark-text disabled:bg-zinc-50 dark:disabled:bg-dark-bg/50 dark:disabled:text-dark-muted"
+                    disabled={
+                      (currentUser?.role === 'manager') || 
+                      (editingUser?.role === 'admin' && currentUser?.role !== 'super_admin') ||
+                      (editingUser?.role === 'super_admin' && currentUser?.role !== 'super_admin')
+                    }
+                  >
                     <option value="agent">Agente</option>
                     <option value="manager">Gerente</option>
-                    <option value="admin">Admin</option>
+                    {currentUser?.role !== 'manager' && <option value="admin">Admin</option>}
                   </select>
                 </div>
                 <div>