fix: remove any types, dead code, unused exports; add comprehensive tests

- Fix handleRotate bug ignoring Result from rotateSealedSecret()
- Fix dead code branch in useControllerHealth
- Replace all `any` types with `unknown` + type guards
- Delete unused functions/exports (452 lines removed)
- Add 18 new test files covering all hooks, libs, and components
- 233 tests passing, zero tsc errors, zero lint issues

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

src/hooks/usePermissions.ts

@@ -85,53 +85,3 @@ export function usePermission(
 
   return { loading, allowed };
 }
-
-/**
- * Hook to check if user has any write permissions
- *
- * Returns true if user can create, update, or delete.
- * Useful for showing/hiding entire sections of UI.
- *
- * @param namespace Optional namespace to check
- * @returns Object with loading state and hasWriteAccess flag
- *
- * @example
- * const { loading, hasWriteAccess } = useHasWriteAccess('default');
- * if (hasWriteAccess) {
- *   // Show management UI
- * }
- */
-export function useHasWriteAccess(namespace?: string) {
-  const { loading, permissions } = usePermissions(namespace);
-
-  const hasWriteAccess =
-    permissions?.canCreate || permissions?.canUpdate || permissions?.canDelete || false;
-
-  return { loading, hasWriteAccess };
-}
-
-/**
- * Hook to check if user has read-only access
- *
- * Returns true if user can read/list but cannot create/update/delete.
- *
- * @param namespace Optional namespace to check
- * @returns Object with loading state and isReadOnly flag
- *
- * @example
- * const { loading, isReadOnly } = useIsReadOnly('default');
- * if (isReadOnly) {
- *   // Show read-only warning
- * }
- */
-export function useIsReadOnly(namespace?: string) {
-  const { loading, permissions } = usePermissions(namespace);
-
-  const isReadOnly =
-    (permissions?.canRead || permissions?.canList) &&
-    !permissions?.canCreate &&
-    !permissions?.canUpdate &&
-    !permissions?.canDelete;
-
-  return { loading, isReadOnly };
-}