Phase 6: PDF & Polish — PDF generation, admin users/settings, AI tool

Backend:
- Setting + GeneratedPdf models, Alembic migration with default settings seed
- PDF generation service (WeasyPrint + Jinja2 with autoescape)
- Health report HTML template with memory entries + document excerpts
- Admin user management: list, create, update (role/max_chats/is_active)
- Admin settings: self_registration_enabled, default_max_chats
- Self-registration check wired into auth register endpoint
- default_max_chats applied to new user registrations
- AI tool: generate_pdf creates health compilation PDFs
- PDF compile/list/download API endpoints
- WeasyPrint system deps added to Dockerfile

Frontend:
- PDF reports page with generate + download
- Admin users page with create/edit/activate/deactivate
- Admin settings page with self-registration toggle + max chats
- Extended sidebar with PDF reports + admin users/settings links
- English + Russian translations for all new UI

Review fixes applied:
- Jinja2 autoescape enabled (XSS prevention in PDFs)
- db.refresh after flush (created_at populated correctly)
- storage_path removed from API response (no internal path leak)
- Role field uses Literal["user", "admin"] validation
- React hooks called before conditional returns (rules of hooks)
- default_max_chats setting now applied during registration

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

backend/app/services/auth_service.py

@@ -61,11 +61,15 @@ async def register_user(
             detail="User with this email or username already exists",
         )
 
+    from app.services.setting_service import get_setting_value
+    default_max_chats = await get_setting_value(db, "default_max_chats", 10)
+
     user = User(
         email=data.email,
         username=data.username,
         hashed_password=hash_password(data.password),
         full_name=data.full_name,
+        max_chats=int(default_max_chats),
     )
     db.add(user)
     await db.flush()