feat(domain): V008 migration + Usuario with-methods + DomainException hierarchy [UDT-008]

src/api/SIGCM2.Domain/Exceptions/CannotSelfResetException.cs

@@ -0,0 +1,11 @@
+namespace SIGCM2.Domain.Exceptions;
+
+/// <summary>
+/// Thrown when an admin attempts to reset their own password via the admin reset endpoint.
+/// Admin must use the self-service change password endpoint instead.
+/// </summary>
+public sealed class CannotSelfResetException : DomainException
+{
+    public CannotSelfResetException()
+        : base("Un administrador no puede resetear su propia contraseña. Use el endpoint de cambio de contraseña propio.") { }
+}

src/api/SIGCM2.Domain/Exceptions/DomainException.cs

@@ -0,0 +1,10 @@
+namespace SIGCM2.Domain.Exceptions;
+
+/// <summary>
+/// Base class for all domain-level exceptions in SIGCM2.
+/// </summary>
+public abstract class DomainException : Exception
+{
+    protected DomainException(string message) : base(message) { }
+    protected DomainException(string message, Exception innerException) : base(message, innerException) { }
+}

src/api/SIGCM2.Domain/Exceptions/LastAdminLockoutException.cs

@@ -0,0 +1,11 @@
+namespace SIGCM2.Domain.Exceptions;
+
+/// <summary>
+/// Thrown when an operation would remove the last active admin from the system,
+/// causing a lockout condition.
+/// </summary>
+public sealed class LastAdminLockoutException : DomainException
+{
+    public LastAdminLockoutException()
+        : base("No se puede desactivar o cambiar el rol del último administrador activo.") { }
+}

src/api/SIGCM2.Domain/Exceptions/UsuarioNotFoundException.cs

@@ -0,0 +1,15 @@
+namespace SIGCM2.Domain.Exceptions;
+
+/// <summary>
+/// Thrown when a requested user does not exist in the system.
+/// </summary>
+public sealed class UsuarioNotFoundException : DomainException
+{
+    public int Id { get; }
+
+    public UsuarioNotFoundException(int id)
+        : base($"El usuario con id '{id}' no existe.")
+    {
+        Id = id;
+    }
+}