
Gate event creation to coordinators (sevak+) #503

Open
KishParikh13 wants to merge 1 commit into v2 from feat/admins-only-event-creation

@KishParikh13

Collaborator

What

Locks event creation to coordinators (verification_level ≥ SEVAK / 54) or global admins. This implements the beta decision: only admins create events; pilot coordinators (San Jose / Dallas) get admin access and invite normal members to their center.

Previously any signed-in user saw the "Create" button — that was temporary beta scaffolding (explore.web.tsx literally said "Beta: any signed-in user can create events… post-beta this becomes a coordinator-tier gate"). This turns the gate on.

Changes

  • Backend POST /addEvent: rejects below-SEVAK callers with 403 (admins still allowed).
  • Frontend: hides the Create entry point on Discover for non-coordinators via isSevakOrAdmin(user) — covers all three entry points:
    • app/(tabs)/explore.tsx (native)
    • app/(tabs)/explore.web.tsx (desktop web)
    • components/explore/MobileDiscoverFallback.web.tsx (mobile web)
  • Tests: promote the event-creating fixtures to SEVAK (they represent coordinators); add a negative test asserting a normal member gets 403.

Notes

  • Edit/delete gates are unchanged (already creator-or-admin on both platforms).
  • Beta coordinators must be provisioned at level 54 in prod D1 (ops task, tracked separately).
  • Part of the round-1 event-admin work; companion PRs: admin attendee roster + CSV export, guest-RSVP open-by-default, invite-link share fix.

Test plan

  • npm run typecheck (backend + frontend) clean
  • npm run test backend — 432 passing (incl. new 403 test)
  • Manual: as a normal member, no Create button on Discover (native/desktop/mobile-web); as sevak/admin, Create is present and works

Only sevak-and-above (or global admins) can create events. Beta pilot
coordinators (e.g. San Jose / Dallas) are provisioned at SEVAK; they
invite normal members to their center, who can RSVP and join boards but
not create events.

- backend: /addEvent rejects below-SEVAK callers with 403
- frontend: hide the "Create" entry point on Discover (native, desktop
  web, and the mobile-web fallback) for non-coordinators; mirrors the
  backend gate via isSevakOrAdmin()
- replaces the temporary "beta: any signed-in user can create" scaffolding
- tests: promote event-creating fixtures to SEVAK; add a 403 negative test
  for a normal member

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
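
The server-side decision this PR describes for POST /addEvent, as an added TypeScript example that is not code from the PR or the project. Only SEVAK (54), verification_level and the name isSevakOrAdmin come from the description; the SessionUser shape, the is_admin flag, the 401 for signed-out callers and the sample callers are assumptions made here.

```typescript
// Added example. SEVAK (54), verification_level and the name isSevakOrAdmin
// come from the PR text; every other name and value is an assumption.
const SEVAK = 54;

interface SessionUser {
  id: string;
  verification_level?: number | null; // loaded server-side from the user record
  is_admin?: boolean;                 // assumed name for the global-admin flag
}

interface GateResult {
  status: 200 | 401 | 403;
  reason: string;
}

// Shared predicate. The frontend can use it to hide the Create button,
// but only the server-side call below is an access control.
function isSevakOrAdmin(user: SessionUser | null | undefined): boolean {
  if (!user) return false;
  if (user.is_admin === true) return true;
  const level = user.verification_level;
  // Fail closed: missing, non-numeric or NaN levels never pass.
  return typeof level === "number" && Number.isFinite(level) && level >= SEVAK;
}

// Decision made before the handler touches the database.
// `user` must come from the authenticated session, never from the request body.
function authorizeAddEvent(user: SessionUser | null | undefined): GateResult {
  if (!user) return { status: 401, reason: "not signed in" };
  if (!isSevakOrAdmin(user)) return { status: 403, reason: "coordinator level required" };
  return { status: 200, reason: "ok" };
}

// Constructed sample callers (not real accounts or real level values).
const samples: Array<[string, SessionUser | null]> = [
  ["anonymous", null],
  ["member", { id: "u1", verification_level: 10 }],
  ["no level", { id: "u2" }],
  ["sevak", { id: "u3", verification_level: 54 }],
  ["admin", { id: "u4", verification_level: 0, is_admin: true }],
];
for (const [label, user] of samples) {
  console.log(label, authorizeAddEvent(user).status);
}
```

A request sent straight to the endpoint never passes through the hidden button, which is why the negative 403 test exercises the backend rather than the UI.
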
@cloudflare-workers-and-pages


Deploying chinmaya-janata with Cloudflare Pages

Latest commit: c66ec5e
Status: ✅  Deploy successful!
Preview URL: https://2f36a412.project-janatha.pages.dev
Branch Preview URL: https://feat-admins-only-event-creat.project-janatha.pages.dev
