feat: Plan-based feature permissions and quota enforcement

Backend:
- Add HasQuota() permission factory for quota limits (resources, users, services, appointments, email templates, automated tasks)
- Add HasFeaturePermission() factory for feature-based permissions (SMS, masked calling, custom domains, white label, plugins, webhooks, calendar sync, analytics)
- Add has_feature() method to Tenant model for flexible permission checking
- Add new tenant permission fields: can_create_plugins, can_use_webhooks, can_use_calendar_sync, can_export_data
- Create Data Export API with CSV/JSON support for appointments, customers, resources, services
- Create Analytics API with dashboard, appointments, revenue endpoints
- Add calendar sync views and URL configuration

Frontend:
- Add usePlanFeatures hook for checking feature availability
- Add UpgradePrompt components (inline, banner, overlay variants)
- Add LockedSection wrapper and LockedButton for feature gating
- Update settings pages with permission checks

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

frontend/src/hooks/useBusiness.ts

@@ -49,6 +49,22 @@ export const useCurrentBusiness = () => {
         paymentsEnabled: data.payments_enabled ?? false,
         // Platform-controlled permissions
         canManageOAuthCredentials: data.can_manage_oauth_credentials || false,
+        // Plan permissions (what features are available based on subscription)
+        planPermissions: data.plan_permissions || {
+          sms_reminders: false,
+          webhooks: false,
+          api_access: false,
+          custom_domain: false,
+          white_label: false,
+          custom_oauth: false,
+          plugins: false,
+          export_data: false,
+          video_conferencing: false,
+          two_factor_auth: false,
+          masked_calling: false,
+          pos_system: false,
+          mobile_app: false,
+        },
       };
     },
   });