DAR-147 — Local dev security bypass and Keycloak role name normalization

Kayouh Salaheddine requested to merge feat/DAR-147-security-config into develop
  • Add LocalSecurityConfiguration active on local profile only — bypasses JWT validation and injects ROLE_SUPER_ADMIN / ROLE_ADMIN / ROLE_MODERATOR so admin endpoints are reachable without a running Keycloak instance during local development
  • Restrict SecurityConfiguration to !local profiles to prevent both filter chains from conflicting
  • Fix assignRealmRole in AdminUserServiceImpl: enum names are UPPER_SNAKE (e.g. SUPER_ADMIN) but Keycloak stores realm roles in lower-hyphen form (super-admin) — the mismatch was causing role assignment to silently fail or throw
  • Improve Keycloak user creation error to include the response body, making failures easier to diagnose
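
The profile split described in the first two items could look like the following. This is an added illustration, not code from the merge request: the class names, the `local-dev` principal and the `prod` / `production` profile names are hypothetical, and it assumes Spring Security 6 with the OAuth2 resource server starter on the classpath. The constructor guard shows one way to keep the bypass from ever starting alongside a deployment profile.

```java
// Added illustration (not the merge request's code); assumes Spring Boot 3 / Spring Security 6.
import org.springframework.context.annotation.*;
import org.springframework.core.env.Environment;
import org.springframework.core.env.Profiles;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.*;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;

@Configuration
@Profile("local") // only loaded when the "local" profile is active
class ExampleLocalSecurityConfig {
    ExampleLocalSecurityConfig(Environment env) {
        // Fail fast if "local" is combined with a deployment profile (profile names are assumed).
        if (env.acceptsProfiles(Profiles.of("prod | production"))) {
            throw new IllegalStateException("'local' security bypass enabled with a production profile");
        }
    }

    @Bean
    SecurityFilterChain localChain(HttpSecurity http) throws Exception {
        var devUser = UsernamePasswordAuthenticationToken.authenticated("local-dev", "n/a",
                AuthorityUtils.createAuthorityList("ROLE_SUPER_ADMIN", "ROLE_ADMIN", "ROLE_MODERATOR"));
        http.csrf(csrf -> csrf.disable()) // assumption: stateless API called without browser sessions
            .authorizeHttpRequests(a -> a.anyRequest().permitAll())
            // No JWT validation: every request runs as the fixed dev user above.
            .addFilterBefore((req, res, chain) -> {
                SecurityContext ctx = SecurityContextHolder.createEmptyContext();
                ctx.setAuthentication(devUser);
                SecurityContextHolder.setContext(ctx);
                chain.doFilter(req, res);
            }, AnonymousAuthenticationFilter.class);
        return http.build();
    }
}

@Configuration
@Profile("!local") // every other profile keeps real JWT validation
class ExampleSecurityConfig {
    @Bean
    SecurityFilterChain jwtChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(a -> a.anyRequest().authenticated())
            .oauth2ResourceServer(o -> o.jwt(Customizer.withDefaults()));
        return http.build();
    }
}
```

Because the two `@Profile` expressions are mutually exclusive, only one `SecurityFilterChain` bean is ever registered, which is what avoids the conflict mentioned in the second item.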