#249 [PHASE 1] Add RBAC Permissions to Critical Endpoints

Phase 1: Add @require_permission decorators to: 1. artifacts.py - manage_artifacts permission 2. approvals.py - approve_workflows permission 3. idempotency.py - manage_workflows permission 4. circuit_breakers.py (reset) - manage_system permission 5. dsl_converter.py - submit_workflows permission 6. replay.py - Fix tenant isolation + add view_workflows permission