fix(rbac): allow reviewer role to assign linguists and reviewers

assign, assign-reviewer, reassign-reviewer, and bulk-assign endpoints
were gated to project_manager/production/admin only, but the Reviewer
QC Detail page exposes Assign buttons to reviewer users.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/app/api/v1/routes_language_qc.py

@@ -123,7 +123,7 @@ async def assign_language(
     request: AssignRequest,
     http_request: Request,
     current_user: User = Depends(require_roles(
-        UserRole.PROJECT_MANAGER, UserRole.PRODUCTION, UserRole.ADMIN,
+        UserRole.REVIEWER, UserRole.PROJECT_MANAGER, UserRole.PRODUCTION, UserRole.ADMIN,
     )),
     db: AsyncIOMotorDatabase = Depends(get_database),
 ):
@@ -161,7 +161,7 @@ async def assign_reviewer(
     request: AssignReviewerRequest,
     http_request: Request,
     current_user: User = Depends(require_roles(
-        UserRole.PROJECT_MANAGER, UserRole.PRODUCTION, UserRole.ADMIN,
+        UserRole.REVIEWER, UserRole.PROJECT_MANAGER, UserRole.PRODUCTION, UserRole.ADMIN,
     )),
     db: AsyncIOMotorDatabase = Depends(get_database),
 ):
@@ -179,7 +179,7 @@ async def reassign_reviewer(
     request: ReassignReviewerRequest,
     http_request: Request,
     current_user: User = Depends(require_roles(
-        UserRole.PROJECT_MANAGER, UserRole.PRODUCTION, UserRole.ADMIN,
+        UserRole.REVIEWER, UserRole.PROJECT_MANAGER, UserRole.PRODUCTION, UserRole.ADMIN,
     )),
     db: AsyncIOMotorDatabase = Depends(get_database),
 ):
@@ -198,7 +198,7 @@ async def bulk_assign_languages(
     request: BulkAssignRequest,
     http_request: Request,
     current_user: User = Depends(require_roles(
-        UserRole.PROJECT_MANAGER, UserRole.PRODUCTION, UserRole.ADMIN,
+        UserRole.REVIEWER, UserRole.PROJECT_MANAGER, UserRole.PRODUCTION, UserRole.ADMIN,
     )),
     db: AsyncIOMotorDatabase = Depends(get_database),
 ):