chore(docs): align API and permissions docs with implemented behavior

Fix stale build-guide links, document the implemented quotes API scopes/endpoints, and clarify quote access plus permission-denial behavior so docs match route and test-backed behavior.

docs/api/REST_API.md

@@ -86,6 +86,8 @@ API tokens use scopes to control access to resources. When creating a token, sel
 | `write:tasks` | Create and update tasks |
 | `read:clients` | View clients |
 | `write:clients` | Create and update clients |
+| `read:quotes` | View quotes |
+| `write:quotes` | Create and update quotes |
 | `read:reports` | View reports and analytics |
 | `read:users` | View user information |
 | `admin:all` | Full administrative access (use with caution) |
@@ -695,6 +697,54 @@ POST /api/v1/clients
 }
 ```
 
+### Quotes
+
+#### List Quotes
+```
+GET /api/v1/quotes
+```
+
+**Required Scope:** `read:quotes`
+
+#### Get Quote
+```
+GET /api/v1/quotes/{quote_id}
+```
+
+**Required Scope:** `read:quotes`
+
+#### Create Quote
+```
+POST /api/v1/quotes
+```
+
+**Required Scope:** `write:quotes`
+
+**Request Body (example):**
+```json
+{
+  "client_id": 1,
+  "title": "Website maintenance retainer",
+  "description": "Monthly maintenance and support",
+  "tax_rate": 21.0,
+  "currency_code": "EUR"
+}
+```
+
+#### Update Quote
+```
+PUT /api/v1/quotes/{quote_id}
+```
+
+**Required Scope:** `write:quotes`
+
+#### Delete Quote
+```
+DELETE /api/v1/quotes/{quote_id}
+```
+
+**Required Scope:** `write:quotes`
+
 ### Inventory
 
 Inventory endpoints require the **inventory module** to be enabled (Admin settings). They use `read:projects` and `write:projects` scopes.