agent-07 phase 2: fix test isolation + CSV import UI

- Fix conftest.py: commit after each request in override_get_db so
  preview_csv's rollback no longer wipes the shared registered_user
  (root cause of 401 cascade across test_user_import + test_personnel_number)
- Fix limiter.enabled=False in client fixture (blocks rate-limit 429)
- Fix user_import_service: allow reactivation when personnel number
  belongs to the same user being reactivated
- Fix test_personnel_number: use PATCH /companies/me (not /companies/{id})
  and add try/finally cleanup for personnel_number_required flag
- Frontend UsersPage: add CSV import modal with template download,
  preview/validation table, and guarded apply button

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/tests/conftest.py

@@ -6,6 +6,7 @@ from sqlalchemy import text
 
 from app.main import app
 from app.core.database import Base, get_db
+from app.core.limiter import limiter
 
 # Echte PostgreSQL Test-Datenbank (kein SQLite – Models nutzen JSONB/UUID)
 TEST_DATABASE_URL = "postgresql+asyncpg://timemaster:timemaster_secret_change_me@localhost:5432/timemaster_test"
@@ -41,9 +42,15 @@ async def db_session():
 @pytest_asyncio.fixture(scope="session", loop_scope="session")
 async def client(db_session: AsyncSession):
     async def override_get_db():
-        yield db_session
+        try:
+            yield db_session
+            await db_session.commit()
+        except Exception:
+            await db_session.rollback()
+            raise
 
     app.dependency_overrides[get_db] = override_get_db
+    limiter.enabled = False  # Rate-Limiter in Tests deaktivieren
 
     async with AsyncClient(
         transport=ASGITransport(app=app),
@@ -51,6 +58,7 @@ async def client(db_session: AsyncSession):
     ) as ac:
         yield ac
 
+    limiter.enabled = True
     app.dependency_overrides.clear()