feat: Implement module permissions system with database-driven access control

- Added `users_permissions` table for managing user permissions.
- Created `PermissionRepository` for handling permission logic.
- Refactored `controls\Users::permissions()` to utilize the new database structure.
- Introduced AJAX endpoint for saving user permissions.
- Enhanced user management UI with permission checkboxes.
- Added vacation management template for handling employee absences.
- Implemented tests for `PermissionRepository`.

.serena/memories/project_overview.md

@@ -0,0 +1,26 @@
+# CRM PRO - Project Overview
+
+## Purpose
+Polish-language CRM for task/project management, client management, finances, work time tracking.
+
+## Tech Stack
+- PHP 7.4, MySQL, Bootstrap 3, jQuery 3.6, PHP templating
+- Medoo query builder ($mdb global), RedBean ORM (\R)
+- SCSS compiled via VS Code Live Sass Compile
+
+## Architecture
+Layered with ongoing DDD migration:
+- `autoload/Controllers/` - new PSR-4, camelCase (TasksController, UsersController, CrmController, FinancesController)
+- `autoload/controls/` - legacy snake_case (Site, Users, Wiki, Projects, Tasks, Cron)
+- `autoload/factory/` - data access (legacy)
+- `autoload/Domain/` - new repositories (Tasks/, Crm/, Finances/, Users/)
+- `templates/` - PHP templates via \Tpl::view()
+
+## Routing
+`controls\Site::route()` reads `?module=&action=` params, tries `\Controllers\{Module}Controller::{camelCase}()` first, falls back to `\controls\{Module}::{snake_case}()`.
+
+## Modules
+tasks, projects, work_time, finances, crm, wiki, users, zaplecze
+
+## Current Permissions
+Hardcoded in `controls\Users::permissions()` - array per user ID with module booleans. Returns true by default if no entry found.