Verify that RBAC permissions correctly control visibility of cost data by scope (project/cluster).

Related issue: FLPATH-2740

Test Steps:
1. Configure RBAC permissions for cost management plugin
2. Create users with different permission levels:

• User with full cluster access
• User with specific project access only
• User with no cost management permissions
  3. Log in as each user and verify data visibility:
• Full access user sees all cost data
• Project-scoped user sees only their project data
• No permission user gets 403 or appropriate empty state
  4. Test permission enforcement on backend API routes
  5. Test permission enforcement on frontend UI elements
  6. Verify 403 responses vs empty states are handled correctly

Expected Results:

• RBAC permissions are enforced correctly
• Users see only data they have permission to access
• Cluster+Project permissions work as documented
• 403 errors display appropriate messaging
• Empty states are shown when user has access but no data
• UI elements are hidden/disabled based on permissions