feat: HR Portal - Complete Multi-Tenant System with Redis Session Storage

Major Features:
- ✅ Multi-tenant architecture (tenant isolation)
- ✅ Employee CRUD with lifecycle management (onboarding/offboarding)
- ✅ Department tree structure with email domain management
- ✅ Company info management (single-record editing)
- ✅ System functions CRUD (permission management)
- ✅ Email account management (multi-account per employee)
- ✅ Keycloak SSO integration (auth.lab.taipei)
- ✅ Redis session storage (10.1.0.254:6379)
  - Solves Cookie 4KB limitation
  - Cross-system session sharing
  - Sliding expiration (8 hours)
  - Automatic token refresh

Technical Stack:
Backend:
- FastAPI + SQLAlchemy
- PostgreSQL 16 (10.1.0.20:5433)
- Keycloak Admin API integration
- Docker Mailserver integration (SSH)
- Alembic migrations

Frontend:
- Next.js 14 (App Router)
- NextAuth 4 with Keycloak Provider
- Redis session storage (ioredis)
- Tailwind CSS

Infrastructure:
- Redis 7 (10.1.0.254:6379) - Session + Cache
- Keycloak 26.1.0 (auth.lab.taipei)
- Docker Mailserver (10.1.0.254)

Architecture Highlights:
- Session管理由 Keycloak + Redis 統一控制
- 支援多系統 (HR/WebMail/Calendar/Drive/Office) 共享 session
- Token 自動刷新,異質服務整合
- 未來可無縫遷移到雲端

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

backend/fix_tenant_user_roles.py

@@ -0,0 +1,48 @@
+"""
+修正 tenant_user_roles 表結構
+新增缺少的 edit_by 欄位
+"""
+import psycopg2
+
+conn = psycopg2.connect(
+    host="10.1.0.20",
+    port=5433,
+    database="hr_portal",
+    user="admin",
+    password="DC1qaz2wsx"
+)
+conn.autocommit = False
+cur = conn.cursor()
+
+try:
+    print("Adding edit_by column to tenant_user_roles...")
+
+    # 新增 edit_by 欄位
+    cur.execute("""
+        ALTER TABLE tenant_user_roles
+        ADD COLUMN IF NOT EXISTS edit_by VARCHAR(100);
+    """)
+
+    conn.commit()
+    print("SUCCESS: edit_by column added")
+
+    # 驗證
+    cur.execute("""
+        SELECT column_name
+        FROM information_schema.columns
+        WHERE table_name = 'tenant_user_roles' AND column_name = 'edit_by';
+    """)
+    result = cur.fetchone()
+    if result:
+        print(f"Verified: {result[0]} column exists")
+    else:
+        print("ERROR: Column not found after adding")
+
+except Exception as e:
+    conn.rollback()
+    print(f"ERROR: {e}")
+    import traceback
+    traceback.print_exc()
+finally:
+    cur.close()
+    conn.close()