feat(hooks): rank-based API tied to permission_ranks DB table

Drop the SecurityLevel-named family (useIsModerator / useIsAdmin /
useIsCommunity / useIsPlayerSupport / useHasSecurityLevel /
useUserSecurityLevel) in favour of a rank-based family tied to the
operator's actual `permission_ranks` rows in the Arcturus DB:

- `useUserRank()` returns `{ id, name, level, badge, prefix,
  prefixColor }` derived from the snapshot. Powered by the renderer's
  extended IUserDataSnapshot (companion commit 87e67d5 on
  feat/react19-event-bus).
- `useHasRankLevel(min)` replaces useHasSecurityLevel; consumers
  pass a `permission_ranks.level` threshold from the deployment.
- `useIsRank(name)` matches `permission_ranks.rank_name` exactly.

To avoid bare integers in widget bodies, added a deployment-scoped
constants file at `src/api/nitro/session/RankLevels.ts`:

  export const STAFF_LEVELS = {
      MEMBER: 1, SUPPORT: 4, MOD: 5, SUPER_MOD: 6, ADMIN: 7
  };

A deployment that re-numbers `permission_ranks` only edits this file.

Migrated all 11 consumer reads (same set as the earlier session's
useIsModerator migration plus the audit catch): ToolbarView,
CatalogClassicView, CatalogModernView, ChooserWidgetView,
CalendarView, YouTubePlayerView, FurniEditorView,
InfoStandWidgetFurniView, AvatarInfoWidgetPetView,
FurnitureMannequinView, NavigatorRoomInfoView. The
NavigatorRoomInfoView `staff_pick` permission was previously
`securityLevel >= COMMUNITY (7)` via the renderer-enum wrapper —
ported to `useHasRankLevel(STAFF_LEVELS.ADMIN)` because in the
default seed level 7 is Administrator, which is the actual rank that
gets the `acc_anyroomowner`-style permissions for staff-picking.

Tests refreshed under `useSessionSnapshots.test.tsx`:
- useUserRank surfaces the full metadata block;
- useHasRankLevel does `>=` against the threshold;
- useIsRank exact-matches against rank_name;
- a runtime promote (snapshot mutation + SESSION_DATA_UPDATED
  dispatch) flips the result, locking in the reactive contract.

Mock extended only minimally — kept the SecurityLevel enum class for
any consumer outside the dropped family that still imports it.

Verification: yarn typecheck clean, yarn lint:hooks clean, yarn test
213/213. The Arcturus-side composer change (UserPermissionsComposer
appending the 5 extra fields) is staged but UNCOMMITTED on Arcturus
main (which has unrelated WIP); the wire is backward-compatible so
the React client works against both pre- and post-extension
emulators.

src/api/nitro/session/RankLevels.ts

@@ -0,0 +1,29 @@
+/**
+ * Deployment-specific rank-level constants.
+ *
+ * Mirrors the `level` column of `permission_ranks` for the operator's
+ * Arcturus instance. Defined in ONE place so widget code can express
+ * intent via `useHasRankLevel(STAFF_LEVELS.MOD)` instead of bare
+ * integers, and so a deployment that re-numbers its ranks (e.g. adds
+ * a "Super Admin" at level 8) only has to update this file.
+ *
+ * Default seed (Arcturus-Morningstar-Extended ≥ 4.2.10):
+ *   1 Member       | 2 VIP    | 3 X
+ *   4 Support      | 5 Moderator | 6 Super Mod
+ *   7 Administrator
+ *
+ * Update the constants here to match `permission_ranks.level` in your
+ * deployment if you customised them.
+ */
+export const STAFF_LEVELS = {
+    /** Member level — the floor for non-staff users. */
+    MEMBER: 1,
+    /** Lowest staff tier — Support agents. */
+    SUPPORT: 4,
+    /** Moderator (covers in-room moderation actions). */
+    MOD: 5,
+    /** Super Mod (extended moderation surface). */
+    SUPER_MOD: 6,
+    /** Administrator — full staff privileges. */
+    ADMIN: 7
+} as const;

src/api/nitro/session/index.ts

@@ -16,5 +16,6 @@ export * from './HasHabboVip';
 export * from './IsOwnerOfFloorFurniture';
 export * from './IsOwnerOfFurniture';
 export * from './IsRidingHorse';
+export * from './RankLevels';
 export * from './StartRoomSession';
 export * from './VisitDesktop';