fix: update Keycloak group names for SITECONSEIL OAuth authentication

Problem: OAuth login failed because the authenticator was checking for
old Keycloak group names (super_admin_asso, gp_member) that no longer
exist in the master realm.

Changes:
- src/Security/KeycloakAuthenticator.php:106: resolveRoles() now checks
  for 'siteconseil_admin' instead of 'super_admin_asso' to grant ROLE_ROOT
- src/Controller/Admin/MembresController.php:140: member creation role
  resolution updated from 'super_admin_asso' to 'siteconseil_admin'
- templates/admin/membres.html.twig: checkbox values updated from
  'gp_member' to 'siteconseil_member' and 'super_admin_asso' to
  'siteconseil_admin' in the member management form
- assets/app.js:5-6: JS mutual exclusion logic updated to use new
  group values 'siteconseil_member' and 'siteconseil_admin'
- tests/Security/KeycloakAuthenticatorTest.php:79: test data updated
  from 'super_admin_asso' to 'siteconseil_admin'

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

assets/app.js

@@ -2,8 +2,8 @@ import "./app.scss"
 
 // Membre / Super Admin : mutuellement exclusif
 document.addEventListener('DOMContentLoaded', () => {
-    const memberCheckbox = document.querySelector('input[value="gp_member"]');
-    const adminCheckbox = document.querySelector('input[value="super_admin_asso"]');
+    const memberCheckbox = document.querySelector('input[value="siteconseil_member"]');
+    const adminCheckbox = document.querySelector('input[value="siteconseil_admin"]');
     const otherGroupCheckboxes = () =>
         [...document.querySelectorAll('input[name="groups[]"]')].filter(cb => cb !== memberCheckbox);