B.5: Add AdminDashboardController with Micrometer metrics endpoints and WebMvcTest

[Copilot]

Adds AdminDashboardController exposing operational metrics via Micrometer's MeterRegistry, and the corresponding @WebMvcTest slice tests.

New Controller — /admin

• GET /admin/resumo — returns buscas_total (from vigisus.buscas.total counter, 0.0 if absent) and timestamp
• GET /admin/top-municipios — returns municipalities sorted descending by search count from vigisus.buscas.municipio counters

Tests

@WebMvcTest(AdminDashboardController.class) with @MockBean MeterRegistry — stubs find() to return Search.in(meterRegistry), which yields null counter / empty collection from the mock registry, exercising the zero-state fallback path:

@WebMvcTest(AdminDashboardController.class)
@WithMockUser
class AdminDashboardControllerTest {

    @MockBean MeterRegistry meterRegistry;

    @Test
    void deveRetornarResumoVazioSemMedidas() throws Exception {
        when(meterRegistry.find(any())).thenReturn(Search.in(meterRegistry));

        mockMvc.perform(get("/admin/resumo"))
            .andExpect(status().isOk())
            .andExpect(jsonPath("$.buscas_total").isNumber())
            .andExpect(jsonPath("$.timestamp").isString());
    }
}

@WithMockUser is required because @WebMvcTest applies Spring Security's default filter chain (all requests authenticated) without loading the app's custom SecurityFilterChain.

Supporting changes

• SecurityConfig — added .requestMatchers("/admin/**").permitAll() consistent with the current public-data / hackathon scope
• pom.xml — added spring-security-test (test scope) to provide @WithMockUser

---

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.