Database Role Separation

Database Role Separation

Replaced the single shared database role with proper separation of duties:

• Admin role — owns all database objects, used for maintenance and manual administration
• Application role — least-privilege connection with DML-only access, row-level security enforced
• Elevated role — unchanged, used for specific admin queries via role switching

Legacy shared role has been dropped. Application now connects with minimum required privileges.

Cleanup

• Removed stale development-era table from public schema
• Removed duplicate SSL certificate (covered by multi-domain cert)