add OAuth defaults and admin reservation deletion support

Seed rms.auth.oauth plugin settings with a Google OIDC example while keeping the plugin disabled by default, add admin API/UI support to delete individual reservation entries, and extend auth flow handling for OAuth callback redirects and errors.

public/app.js

@@ -1443,6 +1443,21 @@ async function cancelOwnReservation() {
   }
 }
 
+async function cancelReservationByUserId(userId) {
+  const normalized = String(userId || "").trim();
+  if (!normalized) {
+    return;
+  }
+  clearMessages("status");
+  try {
+    await api(`/v1/station/reservations/${encodeURIComponent(normalized)}`, { method: "DELETE" });
+    renderMessage(els.reservationMessage, "Reservierung geloescht", false, true);
+    await refreshStatus();
+  } catch (error) {
+    renderMessage(els.reservationMessage, error.message, true);
+  }
+}
+
 async function openOpenWebRxSession() {
   clearMessages("status");
   setOpenWebRxBusy(true);
@@ -2944,8 +2959,23 @@ function renderReservationQueue(status) {
 
     left.appendChild(title);
     left.appendChild(details);
+    const right = document.createElement("div");
+    right.className = "actions";
+    right.appendChild(pill);
+    if (isAdmin() && entry && entry.userId) {
+      const adminDeleteBtn = document.createElement("button");
+      adminDeleteBtn.type = "button";
+      adminDeleteBtn.className = "ghost-btn danger";
+      adminDeleteBtn.textContent = translateLiteral("Reservierung loeschen");
+      adminDeleteBtn.title = translateLiteral("Reservierung dieses Benutzers loeschen");
+      adminDeleteBtn.addEventListener("click", async () => {
+        await cancelReservationByUserId(entry.userId);
+      });
+      right.appendChild(adminDeleteBtn);
+    }
+
     row.appendChild(left);
-    row.appendChild(pill);
+    row.appendChild(right);
     list.appendChild(row);
 
     const isMine = loggedIn