fix(shopfloor): sudo job recordset in /fp/workspace/load (rule 13m)

Same pattern as plant_kanban — workspace payload denormalizes
cross-module fields Technician can't read directly (sale.order,
fp.part.catalog, customer_spec, etc.). job.sudo() at the top so
the whole render path is sudo'd.

Job Workspace was stuck on 'Loading...' with a server-error toast
because the route returned {ok:false, error:'...'} (27-byte response)
when the first cross-module field access AccessError'd.

Module version: 19.0.32.0.9 -> 19.0.32.0.10

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

fusion_plating/fusion_plating_shopfloor/__manifest__.py

@@ -5,7 +5,7 @@
 
 {
     'name': 'Fusion Plating — Shop Floor',
-    'version': '19.0.32.0.9',
+    'version': '19.0.32.0.10',
     'category': 'Manufacturing/Plating',
     'summary': 'Shop-floor tablet stations, QR scanning, bake window enforcer, '
                'first-piece inspection gates.',

fusion_plating/fusion_plating_shopfloor/controllers/workspace_controller.py

@@ -37,7 +37,11 @@ class FpWorkspaceController(http.Controller):
     @http.route('/fp/workspace/load', type='jsonrpc', auth='user')
     def load(self, job_id):
         env = request.env
-        job = env['fp.job'].browse(int(job_id))
+        # Sudo: workspace payload denormalizes cross-module fields
+        # (sale.order, fp.part.catalog, fusion.plating.customer.spec, etc.)
+        # that low-priv roles (Technician) can't read directly. Caller's
+        # access to fp.job itself is the security gate.
+        job = env['fp.job'].sudo().browse(int(job_id))
         if not job.exists():
             _logger.warning("workspace/load: job %s not found", job_id)
             return {'ok': False, 'error': f'Job {job_id} not found'}