✨ Implement leadership-based permissions for Meetup management

- 🔒 Restrict event creation, editing, and deletion to Meetup leaders (`is_leader`) and creators for consistency across APIs, frontend, and MCP.
- ➕ Add new APIs for leader delegation: assign/remove Meetup leaders via `meetup_user.is_leader`.
- 🛠️ Replace loose member checks with specific leadership checks in policies, controllers, and views.
- 🧪 Add exhaustive tests to ensure only eligible leaders execute critical actions (e.g., event creation/edit, Meetup updates).
- 🔄 Refactor pivot relationships and models (`leadByMe`, `isLeader`) for explicit leadership handling.
- ✨ Introduce artisan command `meetups:promote-existing-leaders` to transition legacy data.

app/Mcp/Tools/MeetupEvent/CreateMeetupEventTool.php

@@ -30,7 +30,7 @@ class CreateMeetupEventTool extends Tool
 
         if (! $this->present($request->get('meetup_id'))) {
             $meetup = $this->resolveInScope(
-                Meetup::query()->associatedWith($user->getAuthIdentifier()),
+                Meetup::query()->ledBy($user->getAuthIdentifier()),
                 $request,
                 'Meetups',
                 'meetup',
@@ -43,6 +43,15 @@ class CreateMeetupEventTool extends Tool
             $request->merge(['meetup_id' => $meetup->id]);
         }
 
+        // Nur Leader/Ersteller des Ziel-Meetups dürfen Termine anlegen (gleiche
+        // Berechtigung wie die Stammdaten). Greift auch, wenn meetup_id direkt
+        // übergeben wurde und damit den ledBy-Scope oben umgeht.
+        $targetMeetup = Meetup::find($request->get('meetup_id'));
+
+        if ($targetMeetup === null || Gate::forUser($user)->denies('update', $targetMeetup)) {
+            return Response::error('Nur Leader oder der Ersteller dürfen Termine für dieses Meetup anlegen.');
+        }
+
         $storeRequest = new StoreMeetupEventRequest;
 
         $validated = $request->validate(