feat(db): add UAT persona staff records to seed script

- Add UAT Super User and Staff User staff records creation in seedKnownUsers()
- Staff records created with oidcSub from SEED_UAT_*_OIDC_SUB env vars
- Supports linking Terraform-provisioned Authentik users to staff records

GRO-528
Co-Authored-By: Paperclip <noreply@paperclip.ing>

packages/db/src/seed.ts

@@ -368,6 +368,60 @@ async function seedKnownUsers() {
     }
   }
 
+  // ── Staff: UAT Super User (from Terraform via env var) ──
+  const uatSuperOidcSub = process.env.SEED_UAT_SUPER_OIDC_SUB;
+  if (uatSuperOidcSub) {
+    const UAT_SUPER_STAFF_ID = "00000000-0000-0000-0000-000000000003";
+    const uatSuperEmail = "uat-super-user@groombook.dev";
+    const [existingSuper] = await db
+      .select()
+      .from(schema.staff)
+      .where(eq(schema.staff.email, uatSuperEmail))
+      .limit(1);
+
+    if (existingSuper) {
+      console.log(`✓ UAT Super User staff '${existingSuper.name}' already exists — skipping`);
+    } else {
+      await db.insert(schema.staff).values({
+        id: UAT_SUPER_STAFF_ID,
+        name: "UAT Super User",
+        email: uatSuperEmail,
+        oidcSub: uatSuperOidcSub,
+        role: "manager",
+        isSuperUser: true,
+        active: true,
+      });
+      console.log(`✓ Created UAT Super User staff (oidcSub: ${uatSuperOidcSub})`);
+    }
+  }
+
+  // ── Staff: UAT Staff User (from Terraform via env var) ──
+  const uatStaffOidcSub = process.env.SEED_UAT_STAFF_OIDC_SUB;
+  if (uatStaffOidcSub) {
+    const UAT_STAFF_STAFF_ID = "00000000-0000-0000-0000-000000000004";
+    const uatStaffEmail = "uat-staff-user@groombook.dev";
+    const [existingStaff] = await db
+      .select()
+      .from(schema.staff)
+      .where(eq(schema.staff.email, uatStaffEmail))
+      .limit(1);
+
+    if (existingStaff) {
+      console.log(`✓ UAT Staff User '${existingStaff.name}' already exists — skipping`);
+    } else {
+      await db.insert(schema.staff).values({
+        id: UAT_STAFF_STAFF_ID,
+        name: "UAT Staff User",
+        email: uatStaffEmail,
+        oidcSub: uatStaffOidcSub,
+        role: "groomer",
+        isSuperUser: false,
+        active: true,
+      });
+      console.log(`✓ Created UAT Staff User (oidcSub: ${uatStaffOidcSub})`);
+    }
+  }
+
   // ── Services: idempotent upsert using name as unique key ─────────────────────
   // UNIQUE constraint on services.name (migration 0020) must exist first.
   // Uses b0000001-... IDs to match main seed servicesDef for same-named services.