fix: Use request.tenant for staff filtering in multi-tenant context

- UserTenantFilteredMixin now uses request.tenant (from django-tenants
  middleware) instead of request.user.tenant for filtering
- ResourceSerializer._get_valid_user uses request.tenant for validation
- Frontend useResources sends user_id instead of user field

This fixes 400 errors when creating staff resources because the tenant
context is now correctly derived from the subdomain being accessed.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

frontend/src/hooks/useResources.ts

@@ -70,8 +70,7 @@ export const useCreateResource = () => {
       const backendData: any = {
         name: resourceData.name,
         type: resourceData.type,
-        user: resourceData.userId ? parseInt(resourceData.userId) : null,
-        timezone: 'UTC', // Default timezone
+        user_id: resourceData.userId ? parseInt(resourceData.userId) : null,
       };
 
       if (resourceData.maxConcurrentEvents !== undefined) {