feat(geschichte): V59 grants BLOG_WRITE to existing WRITE_ALL groups

Without this, the Geschichten feature ships dark on prod day-one — no group
holds BLOG_WRITE, so the editor controls never render even for admins. The
mapping "anyone who can write documents can also author family stories" is
the safest default and admins can revoke afterwards via the new checkbox UI.

Closes Tobias's review S5 on PR #382.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

backend/src/main/resources/db/migration/V59__seed_blog_write.sql

@@ -0,0 +1,16 @@
+-- Grant BLOG_WRITE to every existing group that already holds WRITE_ALL.
+-- Without this, the Geschichten feature ships dark to production: no group
+-- has BLOG_WRITE, so the editor controls are invisible and "+ Neue Geschichte"
+-- is never rendered. The natural mapping is "groups that can already write
+-- documents and tags can also author family stories." Admins can revoke or
+-- re-assign via the group editor afterwards.
+
+INSERT INTO group_permissions (group_id, permission)
+SELECT DISTINCT gp.group_id, 'BLOG_WRITE'
+FROM group_permissions gp
+WHERE gp.permission = 'WRITE_ALL'
+  AND NOT EXISTS (
+      SELECT 1 FROM group_permissions existing
+      WHERE existing.group_id = gp.group_id
+        AND existing.permission = 'BLOG_WRITE'
+  );