Add admin accounts and streamlined header UI

API.md

@@ -7,11 +7,13 @@ POST /api/auth/register
 POST /api/auth/login  
 POST /api/auth/logout
 
+- Register accepts optional `adminKey`; when it matches `ADMIN_PASSWORD`, the account is marked `IsAdmin=true` and can use admin APIs.
+
 ## State
 GET /api/state (public)
 
 ## Player (requires auth)
-GET /api/me  
+GET /api/me  (returns id, displayName, username, isAdmin)  
 POST /api/me/name
 
 ## Suggestions (requires auth + phase gating)
@@ -27,7 +29,9 @@ POST /api/votes
 ## Results (requires auth + phase gating)
 GET /api/results
 
-## Admin (admin key header/query required)
+## Admin (requires admin account or admin key)
 POST /api/admin/phase  
 POST /api/admin/reset  
-POST /api/admin/factory-reset
+POST /api/admin/factory-reset  
+
+Admin APIs accept either an authenticated admin user (cookie) or, for compatibility, `X-Admin-Key`/`key` matching `ADMIN_PASSWORD`.