test(bulk-edit): plug Sara's identified coverage gaps

- DocumentServiceTest.applyBulkEditToDocument_propagatesDomainException_whenSenderIdUnresolvable (Sara C1)
- DocumentServiceTest.findIdsForFilter_passesTagOperatorOR_throughBuildSearchSpec (Sara C3)
- bulkSelection.svelte.spec.ts: setAll([]) no-op + previous-IDs-absent + ids getter (Sara C4 + S4)
- /documents/bulk-edit/+page.server.ts now defensively handles a UserGroup
  with NULL `permissions` (treats it as not-WRITE_ALL instead of throwing
  on .includes()) + matching test (Sara C7)

233 backend tests + frontend bulk-edit specs all green.

Refs #225, PR #331

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

frontend/src/routes/documents/bulk-edit/+page.server.ts

@@ -1,9 +1,11 @@
 import { redirect } from '@sveltejs/kit';
 
 export async function load({ locals }: { locals: App.Locals }) {
+	// Defensive: a UserGroup row with NULL permissions returns undefined here
+	// rather than throwing on .includes() — treat that as "not WRITE_ALL".
 	const canWrite =
-		locals.user?.groups?.some((g: { permissions: string[] }) =>
-			g.permissions.includes('WRITE_ALL')
+		locals.user?.groups?.some(
+			(g: { permissions?: string[] }) => g.permissions?.includes('WRITE_ALL') ?? false
 		) ?? false;
 	if (!canWrite) throw redirect(303, '/documents');
 	return { canWrite };