Function require_admin_role 

pub async fn require_admin_role(
    expected_role: Arc<str>,
    req: Request<Body>,
    next: Next,
) -> Response

Role-check middleware for admin routes.

Reads the caller’s role from the AuthIdentity request extension (populated by the outer auth middleware) and rejects requests whose role does not match expected_role.