fix: hide edit controls for non-owners in frontend

- Add useAuth and canEdit logic to RunEncounters.tsx
- Guard all mutation triggers (Log Shiny, Log Egg, End Run, Randomize All,
  HoF Edit, Boss Battle, route/team clicks, Advance to Next Leg)
- Update RunDashboard.tsx canEdit to be isOwner only (no unowned fallback)
- Add read-only banner for non-owner viewers in both pages

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

frontend/src/pages/RunDashboard.tsx

@@ -67,7 +67,7 @@ export function RunDashboard() {
   const [teamSort, setTeamSort] = useState<TeamSortKey>('route')
 
   const isOwner = user && run?.owner?.id === user.id
-  const canEdit = isOwner || !run?.owner
+  const canEdit = isOwner
 
   const encounters = run?.encounters ?? []
   const alive = useMemo(
@@ -143,6 +143,32 @@ export function RunDashboard() {
         </div>
       </div>
 
+      {/* Read-only Banner */}
+      {!canEdit && run.owner && (
+        <div className="rounded-lg p-3 mb-6 bg-surface-2 border border-border-default">
+          <div className="flex items-center gap-2 text-text-secondary">
+            <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+              <path
+                strokeLinecap="round"
+                strokeLinejoin="round"
+                strokeWidth={2}
+                d="M15 12a3 3 0 11-6 0 3 3 0 016 0z"
+              />
+              <path
+                strokeLinecap="round"
+                strokeLinejoin="round"
+                strokeWidth={2}
+                d="M2.458 12C3.732 7.943 7.523 5 12 5c4.478 0 8.268 2.943 9.542 7-1.274 4.057-5.064 7-9.542 7-4.477 0-8.268-2.943-9.542-7z"
+              />
+            </svg>
+            <span className="text-sm">
+              Viewing {run.owner.displayName ? `${run.owner.displayName}'s` : "another player's"}{' '}
+              run (read-only)
+            </span>
+          </div>
+        </div>
+      )}
+
       {/* Completion Banner */}
       {!isActive && (
         <div