core: implement Supabase Row Level Security for all tables

[EmeditWeb]

Problem

The Supabase tables have no Row Level Security
policies. Any service role query can read and
modify any row.

What To Build

Write RLS policies for all tables:

• learner_profiles
• loans
• repayment_installments
• vouches
• vendors
• pool_positions

Files To Touch

• supabase/migrations/[ts]_rls_policies.sql (new)

Acceptance Criteria

• All tables have RLS enabled
• Users can only access their own data
• Public data accessible without auth
• Admin operations use service role
• npm run build passes

Mandatory Checks Before PR

• All RLS policies tested
• No data leakage between users
• PR references this issue

[Iwayemi-Kehinde]

I would like to work on this issue as I have reviewed the scope, I should have a PR Ready in 50 minutes.