[BE] Introduce _resource.yml metadata file for granular permissions resources

Problem Statement

Currently, resource descriptions for granular permissions face a "two thermometers" problem:

• If we keep resource descriptions in permission files, we need to duplicate them across multiple files
• If we keep resource descriptions in the frontend, they need to be updated every time there's a change in associated permissions, breaking the single source of truth principle

This creates maintenance overhead and increases the risk of inconsistencies between backend and frontend.

Proposal

Introduce a _resource.yml metadata file for each resource in the granular permissions system.

Structure:

• Location: config/authz/permissions/<resource>/_resource.yml
• Example: config/authz/permissions/wiki/_resource.yml

Contents:

• Resource name
• Resource description
• Feature category

Benefits:

1. Single source of truth: Resource-level metadata is backend-owned and centralized
2. Logical grouping: Metadata lives alongside the permissions themselves
3. Easy discovery: The _resource.yml naming convention makes it distinct from permission files
4. Flexible adoption: Not mandatory—resource descriptions can be added or updated later as needed

Implementation Details

Enhance the permission generator to optionally create the _resource.yml file when generating the first permission for a new resource. This keeps the process streamlined while allowing teams to add resource metadata when it makes sense.

Related

Parent epic: #18555