fix: cleanup codebase and sync SPEC with actual permissions

Phase 1: Ruff lint fixes
- Remove unused imports across all files
- Remove unused variables (now_utc, tz, ctx)
- Fix f-string without placeholders
- Fix E402 import order with noqa comments

Phase 2: Remove confusing hard delete from storage
- Removed delete_bounty() from RoomStorage Protocol (never used by app)
- Removed delete_bounty() from JsonFileRoomStorage (was hard delete)
- Removed corresponding tests (hard delete was never used)

Phase 3: Sync SPEC.md with actual code behavior
- Updated overview: admins can add/edit/delete (not 'anyone' + 'creator')
- Updated command table: /add, /edit, /delete are admin only
- Updated error handling messages

Test results: 96 passed (2 hard delete tests removed)

core/ports.py

@@ -32,10 +32,6 @@ class RoomStorage(Protocol):
         """Update an existing bounty in a room."""
         ...
 
-    def delete_bounty(self, room_id: int, bounty_id: int) -> None:
-        """Delete a bounty from a room."""
-        ...
-
     def get_bounty(self, room_id: int, bounty_id: int) -> Bounty | None:
         """Get a specific bounty from a room by ID."""
         ...