i365-admin-api v1 (D1 control plane)
  POST /admin/login                       { password }
  POST /admin/cards/generate              { count, batch_label?, card_type? } [ADMIN]
  GET  /admin/licenses                                                       [ADMIN]
  GET  /admin/licenses/:id/backups                                           [ADMIN]
  PATCH  /admin/licenses/:id              { business_name?, phone? }         [ADMIN]
  POST /admin/licenses/:id/reset                                             [ADMIN]
  DELETE /admin/licenses/:id                                                 [ADMIN]
  POST /api/license/activate              { code, business_name?, phone?, fingerprint{cpu,mb,disk}, device?, edition?, parent_slug? } [PUBLIC]
  POST /api/backup/presign                { token } [PUBLIC] → presigned R2 PUT
  POST /api/mobile/provision              { token } [توكن المحل] → نفق + QR ربط دائم
  POST /api/mobile/qr/rotate              { token } [توكن المحل]
  POST /api/mobile/devices                { token } [توكن المحل]
  POST /api/mobile/devices/revoke         { token, device_id } [توكن المحل]
  POST /api/devices/pair                  { token, fingerprint, kind?, label? } [PUBLIC — QR]
  GET  /api/me                            [DEVICE JWT]
  GET  /admin/licenses/:id/devices                                           [ADMIN]