fix(admin): fresh SSR reads, atomic user delete + sanitized errors, cookie-rotation in middleware, no-store on admin APIs

lib/supabase/admin.ts

@@ -11,6 +11,13 @@ export function getSupabaseAdmin(): SupabaseClient {
   }
   _admin = createClient(url, key, {
     auth: { autoRefreshToken: false, persistSession: false },
+    global: {
+      // Force every request the admin client makes (GoTrue listUsers and
+      // PostgREST reads alike) to bypass Next's fetch Data Cache, so the admin
+      // surface always reflects current state regardless of page config.
+      fetch: (input: RequestInfo | URL, init?: RequestInit) =>
+        fetch(input, { ...init, cache: 'no-store' }),
+    },
   });
   return _admin;
 }