docs(core): update server boundary rules and fix db import paths

- document `.server.js` suffix requirement for node-only imports in DEV.md
- add client-safe subentries table and server-only barrel warnings in MODULES.md
- fix `crud.js` and `database/index.js` to import from `db.server.js`
- replace `createRequire` with `pathToFileURL` in `discover.server.js` for ESM-only modules
- update admin navigation and registry to use safe client-compatible imports
- bump version to 1.4.132

src/features/admin/navigation.js

@@ -5,7 +5,7 @@ import {
   getNavItems,
 } from './registry.js';
 import { isDevkitEnabled } from '../../shared/lib/appConfig.js';
-import { PERMISSIONS } from '@zen/core/users';
+import { PERMISSIONS } from '@zen/core/users/constants';
 
 // Sections et items core — enregistrés à l'import de ce module.
 registerNavSection({ id: 'dashboard', title: 'Tableau de bord', icon: 'DashboardSquare03Icon', order: 10 });