fix(admin): keep the filter query intact in console pager and export links

The paginated users and messages lists interpolate the pre-encoded filter
query (url.Values.Encode) after the "?" in their pager and CSV-export links.
There html/template treats it as a single query value and percent-encodes the
structural "=" and "&" again, so "kind=robots" rendered as "kind%3drobots" and
the multi-pair message filter collapsed -- every page step dropped the active
filter.

Type FilterQuery as template.URL so the already-escaped fragment is emitted
verbatim (the attribute-level "&" -> "&" stays correct, the browser decodes
it back). It is safe because url.Values.Encode output is strictly
percent-encoded. games/complaints use status={{.Status}} -- a single value in
proper query-value context -- and were never affected.

backend/internal/adminconsole/render_test.go

@@ -2,6 +2,7 @@ package adminconsole
 
 import (
 	"bytes"
+	"html/template"
 	"io/fs"
 	"strings"
 	"testing"
@@ -55,6 +56,56 @@ func TestRendererRendersEveryPage(t *testing.T) {
 	}
 }
 
+// TestPagerLinksPreserveFilterQuery guards the paginated lists whose links carry a
+// pre-encoded filter query (url.Values.Encode) past the page number. The query fragment
+// must reach the link verbatim: the contextual escaper would otherwise re-encode its
+// structural "=" and "&" (turning "kind=robots" into the broken "kind%3drobots"), dropping
+// the active filter on every page step. FilterQuery is typed template.URL to prevent that.
+func TestPagerLinksPreserveFilterQuery(t *testing.T) {
+	r := MustNewRenderer()
+
+	t.Run("users", func(t *testing.T) {
+		var buf bytes.Buffer
+		view := UsersView{Robots: true, FilterQuery: template.URL("kind=robots"), Pager: NewPager(2, 50, 200)}
+		if err := r.Render(&buf, "users", PageData{Title: "Users", Data: view}); err != nil {
+			t.Fatalf("render users: %v", err)
+		}
+		out := buf.String()
+		for _, want := range []string{
+			`href="/_gm/users?kind=robots&page=1"`,
+			`href="/_gm/users?kind=robots&page=3"`,
+		} {
+			if !strings.Contains(out, want) {
+				t.Errorf("users pager: missing %q in:\n%s", want, out)
+			}
+		}
+		if strings.Contains(out, "kind%3drobots") {
+			t.Error("users pager: filter query was double-encoded (kind%3drobots)")
+		}
+	})
+
+	t.Run("messages", func(t *testing.T) {
+		var buf bytes.Buffer
+		view := MessagesView{FilterQuery: template.URL("game=abc&user=def"), Pager: NewPager(2, 50, 200)}
+		if err := r.Render(&buf, "messages", PageData{Title: "Messages", Data: view}); err != nil {
+			t.Fatalf("render messages: %v", err)
+		}
+		out := buf.String()
+		for _, want := range []string{
+			`href="/_gm/messages.csv?game=abc&user=def"`,
+			`href="/_gm/messages?game=abc&user=def&page=1"`,
+			`href="/_gm/messages?game=abc&user=def&page=3"`,
+		} {
+			if !strings.Contains(out, want) {
+				t.Errorf("messages pager: missing %q in:\n%s", want, out)
+			}
+		}
+		if strings.Contains(out, "%3d") || strings.Contains(out, "%26") {
+			t.Error("messages pager: filter query was double-encoded (%3d / %26)")
+		}
+	})
+}
+
 // TestRendererUnknownPage reports an error for a page that does not exist.
 func TestRendererUnknownPage(t *testing.T) {
 	r := MustNewRenderer()