Add priority policy fields to resource policies

[HyeockJinKim]

Add priority-related fields to User/Project/Keypair resource policies so admins can control per-user/project priority defaults and allowed ranges.

BEP-1014 specifies:

• Default priority for sessions
• Enable/disable ability to change priority
• Priority value range when enabled

Scope

• Add columns to resource policy tables: default_priority (int), allow_priority_change (bool), priority_range_min (int), priority_range_max (int)
• Alembic migration for all three policy tables
• Update repository layer (creators, updaters, db_source) for all policy types
• Update service layer for policy CRUD
• Add priority validation in session creation: check user's effective policy, enforce range
• Expose in GraphQL resource policy types and mutations

Key Files

• models/resource_policy/row.py — new columns on all 3 policy Row classes
• models/alembic/versions/ — new migration
• repositories/keypair_resource_policy/ — creators, updaters
• repositories/user_resource_policy/ — creators, updaters
• repositories/project_resource_policy/ — creators, updaters
• services/session/actions/create_from_params.py — priority validation
• api/gql/user/types/ — GraphQL fields
• api/gql_legacy/resource_policy.py

Success Criteria

• All three resource policy tables have priority fields with sensible defaults
• Alembic migration applies cleanly (upgrade + downgrade)
• Policy create/update with priority fields works via GraphQL
• Session creation with priority outside allowed range → error
• Session creation without explicit priority uses policy default_priority
• Session creation with allow_priority_change=False and non-default priority → error
• pants lint/check passes for affected packages
• pants test passes for affected packages

JIRA Issue: BA-4913