feat(05-04): protect single job posts from public access

Add protect_single_job() method to access control class following the
same pattern as job archive protection. Non-logged-in users are
redirected to /anbieter-login/ when attempting to access individual
job_offer posts. Logged-in users (any role) can view job details.

Completes backend infrastructure for Phase 5 mentor job board. All ACF
fields and application form ready for Elementor template integration.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

includes/class-access-control.php

@@ -27,6 +27,9 @@ class DDHH_JM_Access_Control {
 
 		// Protect job archive (logged-in users only)
 		add_action( 'template_redirect', array( __CLASS__, 'protect_job_archive' ) );
+
+		// Protect single job posts (logged-in users only)
+		add_action( 'template_redirect', array( __CLASS__, 'protect_single_job' ) );
 	}
 
 	/**
@@ -137,4 +140,22 @@ class DDHH_JM_Access_Control {
 			exit;
 		}
 	}
+
+	/**
+	 * Protect single job posts (logged-in users only)
+	 */
+	public static function protect_single_job() {
+		// Check if current page is single job_offer post
+		if ( ! is_singular( 'job_offer' ) ) {
+			return; // Not single job post
+		}
+
+		// Check if user is logged in
+		if ( ! is_user_logged_in() ) {
+			// Redirect to provider login page
+			$login_url = home_url( '/anbieter-login/' );
+			wp_safe_redirect( $login_url );
+			exit;
+		}
+	}
 }