FlightPath
FLPATH-3236

[Bug] OpenShift Cost Management page accessible without RBAC authorization

Type: Bug
Resolution: Unresolved

      The OpenShift Cost Management page (/redhat-resource-optimization/ocp) is accessible to ALL authenticated users regardless of their RBAC roles. Users without any cost management permissions (no RORead, ROCluster, etc.) can still view cost data on this page.

      Expected: The OpenShift Cost Management page should enforce RBAC permissions, showing "Unauthorized" or an empty state for users without cost management roles.

      Actual: Any authenticated user can access the page and view cost data including:

      • Total cost amount ($0.00 / €0.00)
      • Date range
      • Project list with costs
      • CSV/JSON export functionality
      • Currency selector
      • All filter controls

      Contrast: The Resource Optimization page (/redhat-resource-optimization) correctly shows "Error: Unauthorized" for users without the ros.plugin read permission.
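      The gap described above is that one route in the plugin performs the permission check and the other does not. Below is an added illustration (not the plugin's or RHDH's own code) of the fix pattern: a single gate that every route of the plugin declares, so no page can render before the check runs. The permission id `ros.plugin.read` and the mapping of the report's roles onto it are assumptions for the example.

```typescript
// Added example, not the plugin's own code. Every route declares the
// permission it requires and is resolved through one shared gate, so the
// OCP page cannot be reached without the same check the Resource
// Optimization page already performs.

type Permission = 'ros.plugin.read'; // assumed permission id for "ros.plugin read"
type Role = 'RORead' | 'ROCluster' | 'workflowReadwrite'; // role names from the report

// Assumed policy: only the resource-optimization roles grant the read
// permission; a workflow-only role grants nothing here.
const ROLE_GRANTS: Record<Role, Permission[]> = {
  RORead: ['ros.plugin.read'],
  ROCluster: ['ros.plugin.read'],
  workflowReadwrite: [],
};

interface GuardedRoute {
  path: string;
  requires: Permission; // mandatory: there is no way to declare an unguarded route
  view: string;
}

const ROUTES: GuardedRoute[] = [
  { path: '/redhat-resource-optimization', requires: 'ros.plugin.read', view: 'Resource Optimization' },
  { path: '/redhat-resource-optimization/ocp', requires: 'ros.plugin.read', view: 'OpenShift Cost Management' },
];

// True if any of the user's roles grants the permission.
export function isAuthorized(roles: Role[], permission: Permission): boolean {
  return roles.some((role) => ROLE_GRANTS[role].includes(permission));
}

// Resolve a path for a user. The gate runs before any view (and therefore
// any cost data) is selected, so an unauthorized user sees the same
// "Error: Unauthorized" state on every route of the plugin.
export function render(path: string, roles: Role[]): string {
  const route = ROUTES.find((r) => r.path === path);
  if (!route) return 'Not found';
  return isAuthorized(roles, route.requires) ? route.view : 'Error: Unauthorized';
}
```

      The two personas from the reproduction steps (no roles at all, and workflowReadwrite only) both resolve to the unauthorized state on the OCP route, which is the expected behaviour the report asks for.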

      Steps to reproduce:
      1. Create a user with NO cost management roles (e.g., costmgmt-no-access with no role assignments, or costmgmt-workflow-only with only workflowReadwrite)
      2. Log in as that user
      3. Navigate to Cost Management > OpenShift (/redhat-resource-optimization/ocp)
      4. Observe that cost data is displayed

      Impact: Medium - users can view cost data they should not have access to

      Environment: OCP Edge 73, RHDH 1.9.0, plugin version 1.3.2-rc.1

      Related test case: FLPATH-3137

      pwadhwan@redhat.com Preeti Wadhwani
      gharden1 Gary Harden