
Prevent non-owner members from managing owner-level memberships #2775

@migmartri

Description

Currently, any admin can promote users to the owner role, demote existing owners, or delete owner memberships. There is no authorization guard limiting these operations to owners only.

This creates a privilege escalation path where an admin can grant themselves (or others) owner-level access without any owner's involvement.

Expected Behavior

Only organization owners should be able to:

  • Promote a member to the owner role
  • Demote an existing owner to a lower role
  • Delete an owner's membership from the organization

Acceptance Criteria

  • A new authorization policy restricts owner-management operations to the owner role
  • DeleteOther and UpdateRole in the membership use case enforce this policy when the target is an owner or the new role is owner
  • Integration tests cover all combinations (admin vs owner caller, promote/demote/delete)
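One way to express the guard the acceptance criteria call for, as an added example that is not the project's own code: Go as the implementation language, the role names, and the function names AuthorizeRoleUpdate and AuthorizeDeleteOther (standing in for the checks inside UpdateRole and DeleteOther) are assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// Role is a membership role; the names follow the issue text (owner, admin, member).
type Role string

const (
	RoleOwner  Role = "owner"
	RoleAdmin  Role = "admin"
	RoleMember Role = "member"
)

// ErrOwnerOnly is returned when a non-owner caller attempts an owner-management operation.
var ErrOwnerOnly = errors.New("only organization owners can manage owner-level memberships")

// AuthorizeRoleUpdate is the policy check for UpdateRole (hypothetical name): changing the role
// of an existing owner (demotion) or assigning the owner role (promotion) requires an owner caller.
// Any other role change is left to the existing admin-level checks.
func AuthorizeRoleUpdate(caller, targetCurrent, newRole Role) error {
	if (targetCurrent == RoleOwner || newRole == RoleOwner) && caller != RoleOwner {
		return fmt.Errorf("update role %s -> %s by %s: %w", targetCurrent, newRole, caller, ErrOwnerOnly)
	}
	return nil
}

// AuthorizeDeleteOther is the policy check for DeleteOther (hypothetical name): removing an
// owner's membership requires an owner caller.
func AuthorizeDeleteOther(caller, target Role) error {
	if target == RoleOwner && caller != RoleOwner {
		return fmt.Errorf("delete membership of %s by %s: %w", target, caller, ErrOwnerOnly)
	}
	return nil
}

func main() {
	// Walk the caller/operation combinations the issue asks integration tests to cover.
	fmt.Println("admin promotes member to owner:", AuthorizeRoleUpdate(RoleAdmin, RoleMember, RoleOwner))
	fmt.Println("admin demotes owner to admin:  ", AuthorizeRoleUpdate(RoleAdmin, RoleOwner, RoleAdmin))
	fmt.Println("owner promotes member to owner:", AuthorizeRoleUpdate(RoleOwner, RoleMember, RoleOwner))
	fmt.Println("admin deletes owner:           ", AuthorizeDeleteOther(RoleAdmin, RoleOwner))
	fmt.Println("owner deletes owner:           ", AuthorizeDeleteOther(RoleOwner, RoleOwner))
}
```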
