feat: allow owner to deploy system master key from deploy page

docs/admin-guide.md

@@ -59,9 +59,12 @@ Server groups are used as targets for:
 1. Navigate to **Deploy**
 2. Select an **SSH key** from the dropdown (shows all keys from all users)
 3. Select a **target server**
-4. Click **Deploy**
+4. Choose an authentication method (password or existing key)
+5. Click **Deploy**
 
-Keywarden connects to the target server using the system master key and appends the selected public key to the server user's `~/.ssh/authorized_keys`.
+Keywarden connects to the target server and appends the selected public key to the server user's `~/.ssh/authorized_keys`.
+
+> **Owner only:** The SSH key dropdown includes the **[MASTER] System Master Key** as the first option. This allows the owner to deploy the system master key directly to servers from the Deploy page — useful for initial server setup or re-deployment after master key regeneration.
 
 ### Group Deployment
 

docs/roles.md

@@ -35,6 +35,7 @@ Owner  →  Admin  →  User
 | Test server connectivity | ❌ | ✅ | ✅ |
 | **Deployments** | | | |
 | Manual key deployment | ❌ | ✅ | ✅ |
+| Deploy system master key | ❌ | ❌ | ✅ |
 | Group deployment | ❌ | ✅ | ✅ |
 | **Access Assignments** | | | |
 | Create/edit/delete assignments | ❌ | ✅ | ✅ |
@@ -88,6 +89,7 @@ Admins **cannot** access the Admin Settings page, regenerate the master key, man
 
 The **Owner** role has unrestricted access. In addition to all Admin permissions, the owner can:
 
+- Deploy the system master key to servers (via the Deploy page)
 - Access the Admin Settings page
 - Configure application settings (app name, session timeout, default key type)
 - Configure security settings (password policy, account lockout, MFA enforcement)