feat: HR Portal - Complete Multi-Tenant System with Redis Session Storage

Major Features:
- ✅ Multi-tenant architecture (tenant isolation)
- ✅ Employee CRUD with lifecycle management (onboarding/offboarding)
- ✅ Department tree structure with email domain management
- ✅ Company info management (single-record editing)
- ✅ System functions CRUD (permission management)
- ✅ Email account management (multi-account per employee)
- ✅ Keycloak SSO integration (auth.lab.taipei)
- ✅ Redis session storage (10.1.0.254:6379)
  - Solves Cookie 4KB limitation
  - Cross-system session sharing
  - Sliding expiration (8 hours)
  - Automatic token refresh

Technical Stack:
Backend:
- FastAPI + SQLAlchemy
- PostgreSQL 16 (10.1.0.20:5433)
- Keycloak Admin API integration
- Docker Mailserver integration (SSH)
- Alembic migrations

Frontend:
- Next.js 14 (App Router)
- NextAuth 4 with Keycloak Provider
- Redis session storage (ioredis)
- Tailwind CSS

Infrastructure:
- Redis 7 (10.1.0.254:6379) - Session + Cache
- Keycloak 26.1.0 (auth.lab.taipei)
- Docker Mailserver (10.1.0.254)

Architecture Highlights:
- Session管理由 Keycloak + Redis 統一控制
- 支援多系統 (HR/WebMail/Calendar/Drive/Office) 共享 session
- Token 自動刷新,異質服務整合
- 未來可無縫遷移到雲端

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

backend/check_keycloak_users.py

@@ -0,0 +1,54 @@
+"""
+檢查 Keycloak 中的現有用戶
+"""
+import sys
+sys.path.insert(0, '.')
+
+from app.services.keycloak_service import KeycloakService
+
+# 初始化 Keycloak 服務
+keycloak = KeycloakService()
+
+print("=== Checking Keycloak Users ===\n")
+
+# 檢查是否有用戶
+try:
+    if keycloak.admin:
+        # 取得所有用戶
+        users = keycloak.admin.get_users({})
+        print(f"Total users in realm 'porscheworld': {len(users)}\n")
+
+        for user in users:
+            print(f"Username: {user.get('username')}")
+            print(f"  Email: {user.get('email')}")
+            print(f"  ID: {user.get('id')}")
+            print(f"  Enabled: {user.get('enabled')}")
+            print(f"  Email Verified: {user.get('emailVerified')}")
+            print()
+
+        # 檢查是否有 porsche.chen 用戶
+        target_user = keycloak.get_user_by_username("porsche.chen")
+        if target_user:
+            print("=== Found 'porsche.chen' user ===")
+            print(f"User ID: {target_user.get('id')}")
+            print(f"Email: {target_user.get('email')}")
+            print(f"\nTo delete this user, run:")
+            print(f"  python delete_keycloak_user.py {target_user.get('id')}")
+        else:
+            print("User 'porsche.chen' not found")
+
+            # 檢查是否有使用 porsche.chen@porscheworld.tw 的用戶
+            for user in users:
+                if user.get('email') == 'porsche.chen@porscheworld.tw':
+                    print(f"\n=== Found user with email 'porsche.chen@porscheworld.tw' ===")
+                    print(f"Username: {user.get('username')}")
+                    print(f"User ID: {user.get('id')}")
+                    print(f"\nTo delete this user, run:")
+                    print(f"  python delete_keycloak_user.py {user.get('id')}")
+    else:
+        print("ERROR: Keycloak Admin not initialized")
+
+except Exception as e:
+    print(f"ERROR: {e}")
+    import traceback
+    traceback.print_exc()