Edit Issue - .issue.db

Title *

Description

## Parent Epic: #195

## Description
Add new RBAC permissions and update roles for app management.

## Location
engine/security/rbac_roles.py

## New Permissions (11 total)

### App Registry Management
- register_apps: Register new apps (publishers)
- update_apps: Update app metadata/versions
- delete_apps: Deregister apps (soft delete)
- publish_apps: Publish app versions (draft -> published)

### App Installation (Tenant)
- install_apps: Install apps to tenant
- uninstall_apps: Remove apps from tenant
- configure_apps: Update app configuration
- manage_app_secrets: Manage app secrets in Vault

### App Usage
- use_apps: Use apps in workflows
- view_apps: View available apps
- view_app_logs: View app execution logs

## Role Updates

### tenant_admin
All 11 permissions

### workflow_author
- use_apps, view_apps

### workflow_operator
- use_apps, view_apps, view_app_logs

### developer
- register_apps, update_apps, publish_apps
- install_apps, configure_apps
- use_apps, view_apps, view_app_logs

## Implementation

1. Add APP_PERMISSIONS list
2. Add ROLE_APP_PERMISSIONS mapping
3. Update PREDEFINED_ROLES to include app permissions
4. Update initialize_tenant_roles() to create app permissions

## Migration Considerations
- Existing tenants need app permissions added
- Create migration helper function

## Testing
- Verify permissions work via API
- Test role-permission inheritance
- Test permission checks in app endpoints

Due Date (YYYY-MM-DD)

Tags (comma separated)

Related Issues (IDs)

Enter IDs of issues related to this one. They will be linked as 'related'.

Edit Issue #199