fix: case-insensitive admin email matching

ADMIN_EMAILS stored lowercase, auth.email compared lowercase.
Prevents rejection when Supabase returns 'Dev@Example.com' but
env var has 'dev@example.com'.

Author: DevanshuNEU

backend/routes/admin.py

@@ -18,15 +18,15 @@
 _VALID_TIERS = {t.value for t in UserTier}
 
 ADMIN_EMAILS = set(
-    e.strip()
+    e.strip().lower()
     for e in os.getenv("ADMIN_EMAILS", "").split(",")
     if e.strip()
 )
 
 
 def require_admin(auth: AuthContext = Depends(require_auth)) -> AuthContext:
     """Dependency that ensures the caller is an admin."""
-    if not auth.email or auth.email not in ADMIN_EMAILS:
+    if not auth.email or auth.email.lower() not in ADMIN_EMAILS:
         raise HTTPException(status_code=403, detail="Admin access required")
     return auth