feat(project): Complete Project Lifecycle capability with full TDD workflow

- Implement ProjectController with CRUD, status transitions, estimate/forecast
- Add ProjectService with state machine validation
- Extract ProjectStatusService for reusable state machine logic
- Add ProjectPolicy for role-based authorization
- Create ProjectSeeder with test data
- Implement frontend project management UI with modal forms
- Add projectService API client
- Complete all 9 incomplete unit tests (ProjectModelTest, ProjectForecastTest, ProjectPolicyTest)
- Fix E2E test timing issues with loading state waits
- Add Scribe API documentation annotations
- Improve forecasted effort validation messages with detailed feedback

Test Results:
- Backend: 49 passed (182 assertions)
- Frontend Unit: 32 passed
- E2E: 134 passed (Chromium + Firefox)

Phase 3 Refactor:
- Extract ProjectStatusService for state machine
- Optimize project list query with status joins
- Improve forecasted effort validation messages

Phase 4 Document:
- Add Scribe annotations to ProjectController
- Generate API documentation

backend/app/Policies/ProjectPolicy.php

@@ -0,0 +1,99 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\Project;
+use App\Models\User;
+
+class ProjectPolicy
+{
+    /**
+     * Determine whether the user can view any models.
+     */
+    public function viewAny(User $user): bool
+    {
+        // All authenticated users can view projects
+        return true;
+    }
+
+    /**
+     * Determine whether the user can view the model.
+     */
+    public function view(User $user, Project $project): bool
+    {
+        // All authenticated users can view individual projects
+        return true;
+    }
+
+    /**
+     * Determine whether the user can create models.
+     */
+    public function create(User $user): bool
+    {
+        // Only superusers and managers can create projects
+        return in_array($user->role, ['superuser', 'manager']);
+    }
+
+    /**
+     * Determine whether the user can update the model.
+     */
+    public function update(User $user, Project $project): bool
+    {
+        // Only superusers and managers can update projects
+        return in_array($user->role, ['superuser', 'manager']);
+    }
+
+    /**
+     * Determine whether the user can delete the model.
+     */
+    public function delete(User $user, Project $project): bool
+    {
+        // Only superusers and managers can delete projects
+        return in_array($user->role, ['superuser', 'manager']);
+    }
+
+    /**
+     * Determine whether the user can transition project status.
+     */
+    public function updateStatus(User $user, Project $project): bool
+    {
+        // Only superusers and managers can transition status
+        return in_array($user->role, ['superuser', 'manager']);
+    }
+
+    /**
+     * Determine whether the user can set approved estimate.
+     */
+    public function setEstimate(User $user, Project $project): bool
+    {
+        // Only superusers and managers can set estimates
+        return in_array($user->role, ['superuser', 'manager']);
+    }
+
+    /**
+     * Determine whether the user can set forecasted effort.
+     */
+    public function setForecast(User $user, Project $project): bool
+    {
+        // Only superusers and managers can set forecasts
+        return in_array($user->role, ['superuser', 'manager']);
+    }
+
+    /**
+     * Determine whether the user can restore the model.
+     */
+    public function restore(User $user, Project $project): bool
+    {
+        // Only superusers and managers can restore projects
+        return in_array($user->role, ['superuser', 'manager']);
+    }
+
+    /**
+     * Determine whether the user can permanently delete the model.
+     */
+    public function forceDelete(User $user, Project $project): bool
+    {
+        // Only superusers can force delete projects
+        return $user->role === 'superuser';
+    }
+}