✨ Implement leadership-based permissions for Meetup management

- 🔒 Restrict event creation, editing, and deletion to Meetup leaders (`is_leader`) and creators for consistency across APIs, frontend, and MCP.
- ➕ Add new APIs for leader delegation: assign/remove Meetup leaders via `meetup_user.is_leader`.
- 🛠️ Replace loose member checks with specific leadership checks in policies, controllers, and views.
- 🧪 Add exhaustive tests to ensure only eligible leaders execute critical actions (e.g., event creation/edit, Meetup updates).
- 🔄 Refactor pivot relationships and models (`leadByMe`, `isLeader`) for explicit leadership handling.
- ✨ Introduce artisan command `meetups:promote-existing-leaders` to transition legacy data.

app/Http/Requests/Api/StoreMeetupLeaderRequest.php

@@ -0,0 +1,41 @@
+<?php
+
+namespace App\Http\Requests\Api;
+
+use Closure;
+use Illuminate\Foundation\Http\FormRequest;
+use swentel\nostr\Key\Key as NostrKey;
+
+/**
+ * Setzt einen weiteren Leader für ein Meetup per Nostr-npub ein. Nur ein
+ * bestehender Leader (bzw. Ersteller/Super-Admin) darf das (manageLeaders).
+ * Der npub muss ein gültiger bech32-kodierter öffentlicher Schlüssel sein.
+ */
+class StoreMeetupLeaderRequest extends FormRequest
+{
+    public function authorize(): bool
+    {
+        return $this->user()->can('manageLeaders', $this->route('meetup'));
+    }
+
+    /**
+     * @return array<string, array<int, mixed>>
+     */
+    public function rules(): array
+    {
+        return [
+            'npub' => [
+                'required',
+                'string',
+                'starts_with:npub1',
+                function (string $attribute, mixed $value, Closure $fail): void {
+                    try {
+                        (new NostrKey)->convertToHex((string) $value);
+                    } catch (\Throwable) {
+                        $fail(__('Das ist kein gültiger npub.'));
+                    }
+                },
+            ],
+        ];
+    }
+}