feat(admin-console): Stage 1 — pipe + skeleton behind the gateway

Add the server-rendered operator console at /_gm, exposed publicly through
the gateway behind the existing admin_accounts Basic Auth.

Backend:
- new internal/adminconsole package (html/template Renderer, stateless HMAC
  CSRF signer, embedded stylesheet)
- /_gm route group reusing basicauth.Middleware(admin.Service) + a CSRF guard
  (per-operator token + same-origin check); dashboard landing page
- BACKEND_ADMIN_CONSOLE_CSRF_KEY config (per-process random fallback)

Gateway:
- new "admin" public route class (per-IP rate limit, body + GET/HEAD/POST
  method limits) classifying /_gm traffic
- reverse proxy to the backend /_gm surface, preserving Host and relaying the
  backend 401 Basic Auth challenge; 502 when the backend is unreachable
- GATEWAY_PUBLIC_HTTP_ANTI_ABUSE_ADMIN_* config

dev-deploy:
- Caddy routes /_gm/* to the gateway
- bootstrap admin + stable CSRF key; enable Prometheus /metrics exporters on
  backend and gateway (forward-compat for a future Prometheus/Grafana stack)

Docs: ARCHITECTURE 14.1/16, FUNCTIONAL 10.2.1 (+ru mirror), backend and
gateway READMEs, new backend/docs/admin-console.md.

Tests: renderer + CSRF unit tests; backend router auth/render/asset/CSRF;
gateway classifier, proxy forwarding/Host/401/405/413/429/502.

docs/ARCHITECTURE.md

@@ -581,6 +581,30 @@ directly.
   `/api/v1/admin/notifications/*`) reuse the per-domain logic of the
   module they target.
 
+### 14.1 Operator console (`/_gm`)
+
+`backend` also serves a server-rendered operator console under the `/_gm`
+route group — the human-facing surface for the admin operations otherwise
+exposed as JSON under `/api/v1/admin/*`. It reuses the `admin_accounts`
+Basic Auth verifier and renders pages with the standard library's
+`html/template` (navigation by path and query, Post/Redirect/Get on
+writes; no client framework or build step).
+
+Unlike the internal-only JSON admin API, the console is reachable from the
+public edge: Caddy routes `/_gm/*` to the gateway public listener, which
+classifies it as the `admin` anti-abuse class (per-IP rate limit, body and
+method limits) and reverse-proxies it to `backend`'s `/_gm` surface. The
+gateway preserves the inbound `Host` and relays the backend's 401 Basic
+Auth challenge unchanged, so the browser shows its native credential
+dialog. Authentication is enforced by `backend`; the gateway contributes
+only the edge anti-abuse layer.
+
+State-changing requests are guarded against CSRF by a stateless token
+(HMAC-SHA256 over the authenticated username, keyed by
+`BACKEND_ADMIN_CONSOLE_CSRF_KEY`; a per-process random key is used when the
+variable is unset) plus a same-origin `Origin`/`Referer` check. See
+`backend/docs/admin-console.md` for the console design.
+
 ## 15. Transport Security Model (gateway boundary)
 
 This section describes the secure exchange model between client and
@@ -823,7 +847,8 @@ business validation and authorisation.
 | Session revocation propagation                           | backend → gateway       | `session_invalidation` over the gRPC push stream flips the gateway-side cache entry to revoked and closes any active push stream. |
 | Authorisation, ownership, state transitions              | backend                 | `X-User-ID` is the sole identity input on the user surface.                                     |
 | Edge rate limiting                                       | gateway                 | Backend has no rate-limit responsibility in MVP.                                                |
-| Admin authentication                                     | backend                 | Basic Auth against `admin_accounts`.                                                            |
+| Admin authentication                                     | backend                 | Basic Auth against `admin_accounts`; the `/_gm` operator console reuses the same verifier.       |
+| Admin console CSRF                                        | backend                 | Stateless HMAC token (`BACKEND_ADMIN_CONSOLE_CSRF_KEY`) + same-origin `Origin`/`Referer` check on `/_gm` writes. |
 | Engine API authentication                                | network                 | Engine listens only on the trusted network; backend is the only caller.                         |
 
 ### Backend ↔ Gateway trust