mirror of
https://github.com/DRYTRIX/TimeTracker.git
synced 2026-05-20 05:10:26 -05:00
Fix permission and role management bugs
Fix multiple permission and role-related issues:
1. Gantt chart access: Replace is_admin check with view_projects permission
- Users with custom roles having view_projects permission can now access
Gantt charts, not just admins
- Updated app/routes/gantt.py to check permissions properly
2. Task view filtering: Replace is_admin check with view_all_tasks permission
- Users with custom roles having view_all_tasks permission can now see
all tasks in the Tasks view, not just admins
- Updated app/services/task_service.py to accept has_view_all_tasks parameter
- Updated app/routes/tasks.py list_tasks and export_tasks to use permission check
3. Role assignment security: Prevent privilege escalation
- Added is_super_admin property to User model
- Only super_admins can assign super_admin role to users
- Only super_admins can remove admin role from themselves or others
- Prevents admins from escalating privileges or removing admin access
- Updated app/routes/permissions.py manage_user_roles with validation
4. Version display consistency: Ensure consistent version display
- Added APP_VERSION environment variable to docker-compose.example.yml
- Ensures version is displayed consistently when using pre-built images
All changes maintain backward compatibility and follow the existing
permission system architecture.
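The role-change rules in item 3 of the commit message (only a super_admin may grant super_admin, and only a super_admin may strip an admin role from anyone, including themselves), together with the permission-based checks in items 1 and 2, as an added example. This is not TimeTracker's own code: the `Role`/`User` classes, `validate_role_change`, `can_view_gantt`, the error strings and the sample users are assumptions made here to illustrate the checks; the project's real enforcement lives in app/routes/permissions.py (manage_user_roles), app/routes/gantt.py and app/routes/tasks.py, none of which are on this page. The example also assumes that role management itself is restricted to admins and that both "admin" and "super_admin" count as admin roles for the removal rule.

```python
"""Role-assignment guard and permission checks modelled on the commit message.

Added example, not the project's code. Class and function names, error strings
and sample data are assumptions made for illustration.
"""
from dataclasses import dataclass, field
from typing import FrozenSet, List, Optional, Set

# Role names treated as "admin-type"; mirrors the names the model properties test.
ADMIN_ROLES = frozenset({"admin", "super_admin"})


@dataclass(frozen=True)
class Role:
    name: str
    permissions: FrozenSet[str] = frozenset()


@dataclass
class User:
    username: str
    roles: List[Role] = field(default_factory=list)

    @property
    def is_admin(self) -> bool:
        # Any admin-type role makes the user an admin.
        return any(r.name in ADMIN_ROLES for r in self.roles)

    @property
    def is_super_admin(self) -> bool:
        # Only the dedicated super_admin role counts here.
        return any(r.name == "super_admin" for r in self.roles)

    def has_permission(self, perm: str) -> bool:
        # Permission-based check: the replacement for bare is_admin gates,
        # so custom roles carrying the permission are honoured too.
        return any(perm in r.permissions for r in self.roles)


def can_view_gantt(user: User) -> bool:
    """Item 1: Gantt access keyed on the view_projects permission, not is_admin."""
    return user.has_permission("view_projects")


def validate_role_change(actor: User, target: User, new_role_names: Set[str]) -> Optional[str]:
    """Return None if `actor` may set `target`'s roles to `new_role_names`,
    otherwise a short reason for refusing (item 3 of the commit message).
    """
    current = {r.name for r in target.roles}
    if not actor.is_admin:
        # Assumption: role management is an admin-only function.
        return "only admins may manage roles"
    granted = new_role_names - current
    if "super_admin" in granted and not actor.is_super_admin:
        return "only a super_admin may grant super_admin"
    removed_admin = (current & ADMIN_ROLES) - new_role_names
    if removed_admin and not actor.is_super_admin:
        # Covers both self-demotion and demoting another admin.
        return "only a super_admin may remove admin roles"
    return None


# Constructed sample roles and users (not real project data).
PM_ROLE = Role("pm", frozenset({"view_projects", "view_all_tasks"}))
ADMIN_ROLE = Role("admin", frozenset({"view_projects", "view_all_tasks", "manage_users"}))
SUPER_ROLE = Role("super_admin", frozenset({"view_projects", "view_all_tasks", "manage_users"}))

alice = User("alice", [SUPER_ROLE])   # super admin
bob = User("bob", [ADMIN_ROLE])       # plain admin
carol = User("carol", [PM_ROLE])      # custom role with view_projects
dave = User("dave", [])               # no roles


if __name__ == "__main__":
    print("carol can view gantt:", can_view_gantt(carol))
    print("bob grants super_admin to dave:", validate_role_change(bob, dave, {"super_admin"}))
    print("bob drops own admin role:", validate_role_change(bob, bob, set()))
    print("alice drops bob to pm:", validate_role_change(alice, bob, {"pm"}))
```

Note that the removal rule is evaluated on the target's current roles, so an admin attempting to replace a super_admin's roles with a weaker set is refused as well; the guard is only meaningful if the route computes `current` from the database rather than from anything the client submits.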
@@ -148,6 +148,12 @@ class User(UserMixin, db.Model):
|
||||
# Check if user has any admin role
|
||||
return any(role.name in ["admin", "super_admin"] for role in self.roles)
|
||||
|
||||
@property
|
||||
def is_super_admin(self):
|
||||
"""Check if user is a super admin"""
|
||||
# Check if user has super_admin role
|
||||
return any(role.name == "super_admin" for role in self.roles)
|
||||
|
||||
@property
|
||||
def active_timer(self):
|
||||
"""Get the user's currently active timer"""
|
||||
|
||||
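Review bot: `is_super_admin` identifies the role purely by the string `role.name == "super_admin"`, exactly as `is_admin` above it matches on `["admin", "super_admin"]`, so the escalation guard this commit describes for manage_user_roles is only as strong as the guarantee that a role named "super_admin" cannot be created, renamed or duplicated through the role-management screens; if role names are editable, match on a fixed identifier or a non-editable flag instead, and at minimum hoist the `"admin"`/`"super_admin"` literals into one module-level constant so the two properties cannot drift apart. The actual enforcement (only super_admins may assign super_admin or remove admin roles) sits in app/routes/permissions.py, which is not in this hunk, so this property on its own changes no access decision and the validation there is what needs review.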