Stage 10: admin console & dictionary ops (complaint review, hot-reload, broadcasts)

Server-rendered admin console in the backend at /_gm (internal/adminconsole),
fronted on the gateway's public listener by Basic-Auth + a verbatim reverse proxy
(mounted on the edge mux below the h2c wrap). A same-origin check guards its POSTs;
no operator identity is tracked. This supersedes the Stage 6 gateway-fronts-
/api/v1/admin model: GATEWAY_ADMIN_ADDR and the backend /api/v1/admin ping are
dropped and gateway/internal/admin is repurposed to the verbatim proxy.

- Complaints: migration 00008 (+ jetgen) adds disposition/resolution_note/
  resolved_at/applied_in_version + the deferred status CHECK; resolution feeds a
  query-derived pending dictionary-change pipeline (marked applied after a reload).
- Dictionary hot-reload: per-version subdir BACKEND_DICT_DIR/<version>/ via the new
  Registry.LoadAvailable; engine.OpenWithVersions restores resident versions on
  restart. Partially addresses TODO-2.
- Broadcasts: a backend Telegram-connector client (internal/connector,
  BACKEND_CONNECTOR_ADDR) for SendToUser / SendToGameChannel (discharges the Stage 9
  forward-note).
- Admin reads: account.ListAccounts/CountAccounts/Identities and
  game.ListGames/CountGames/GameByID/ListComplaints/GetComplaint/CountComplaints/
  ResolveComplaint/DictionaryChanges/MarkChangesApplied.
- Tests: adminconsole render, engine reload, same-origin guard, gateway verbatim
  proxy + h2c console mount, inttest complaint pipeline + list/count + /_gm console.
- Docs: PLAN (Stage 10 done + refinements + TODO-2), ARCHITECTURE §1/§5/§6/§12/§13,
  FUNCTIONAL (+_ru), TESTING, backend/gateway READMEs.

backend/README.md

@@ -73,8 +73,15 @@ uses to route out-of-app push to the Telegram connector, extends the Telegram lo
 seed a new account's language and display name from the launch fields, and adds
 migration `00007` (`accounts.notifications_in_app_only`, default true).
 Migration `00005` adds `accounts.is_guest`: an ephemeral guest is a durable row
-with no identity, excluded from statistics. The shared wire contracts live in the
-sibling [`../pkg`](../pkg) module.
+with no identity, excluded from statistics. **Stage 10** adds the server-rendered
+**admin console** at `/_gm` (`internal/adminconsole` + `internal/server/handlers_admin_console.go`;
+the gateway fronts it with Basic-Auth and a same-origin guard protects its POSTs), the
+**complaint resolution** lifecycle (migration `00008` adds `disposition`/`resolution_note`/
+`resolved_at`/`applied_in_version` + the `status` CHECK) feeding a dictionary-change
+pipeline, dictionary **hot-reload** from `BACKEND_DICT_DIR/<version>/`
+(`engine.OpenWithVersions` / `Registry.LoadAvailable`), and operator **broadcasts** via a
+backend Telegram-connector client (`internal/connector`, `BACKEND_CONNECTOR_ADDR`). The
+shared wire contracts live in the sibling [`../pkg`](../pkg) module.
 
 ## Package layout
 
@@ -94,6 +101,8 @@ internal/game/       # game domain: lifecycle, journal+cache, hint, word-check,
 internal/social/     # friend graph, per-user blocks, per-game chat + nudge, content filter
 internal/lobby/      # in-memory matchmaking pool (+ robot substitution) + friend-game invitations
 internal/robot/      # human-like robot opponent: account pool, seed-derived strategy, move driver
+internal/adminconsole/ # server-rendered admin console (Go templates + embedded CSS, view models), served at /_gm
+internal/connector/  # backend gRPC client to the Telegram connector (operator broadcasts)
 ```
 
 ## Configuration (environment)
@@ -123,6 +132,7 @@ internal/robot/      # human-like robot opponent: account pool, seed-derived str
 | `BACKEND_SMTP_USERNAME` | — | SMTP user; empty relays without authentication. |
 | `BACKEND_SMTP_PASSWORD` | — | SMTP password. |
 | `BACKEND_SMTP_FROM` | `no-reply@localhost` | Envelope/From address for confirm-codes. |
+| `BACKEND_CONNECTOR_ADDR` | — | Telegram connector gRPC address for admin-console operator broadcasts. Empty disables broadcasts. |
 
 ## Run