feat: Add granular role-based permissions system with Entra ID integration

- Implement RBAC with viewer/editor/owner roles using bitwise permissions
      - Add AccessRole, AclEntry, and Group models for permission management
      - Create PermissionService for core permission logic and validation
      - Integrate Microsoft Graph API for Entra ID user/group search
      - Add middleware for resource access validation with custom ID resolvers
      - Implement bulk permission updates with transaction support
      - Create permission management UI with people picker and role selection
      - Add public sharing capabilities for resources
      - Include database migration for existing agent ownership
      - Support hybrid local/Entra ID identity management
      - Add comprehensive test coverage for all new services

chore: Update @librechat/data-schemas to version 0.0.9 and export common module in index.ts

fix: Update userGroup tests to mock logger correctly and change principalId expectation from null to undefined

client/src/data-provider/Agents/queries.ts

@@ -54,7 +54,7 @@ export const useListAgentsQuery = <TData = t.AgentListResponse>(
 };
 
 /**
- * Hook for retrieving details about a single agent
+ * Hook for retrieving basic details about a single agent (VIEW permission)
  */
 export const useGetAgentByIdQuery = (
   agent_id: string,
@@ -75,3 +75,26 @@ export const useGetAgentByIdQuery = (
     },
   );
 };
+
+/**
+ * Hook for retrieving full agent details including sensitive configuration (EDIT permission)
+ */
+export const useGetExpandedAgentByIdQuery = (
+  agent_id: string,
+  config?: UseQueryOptions<t.Agent>,
+): QueryObserverResult<t.Agent> => {
+  return useQuery<t.Agent>(
+    [QueryKeys.agent, agent_id, 'expanded'],
+    () =>
+      dataService.getExpandedAgentById({
+        agent_id,
+      }),
+    {
+      refetchOnWindowFocus: false,
+      refetchOnReconnect: false,
+      refetchOnMount: false,
+      retry: false,
+      ...config,
+    },
+  );
+};