Improve hostgroup permission error message

When the API token user cannot see the host group (returns empty from
hostgroup.get), the code fell through to hostgroup.create and gave a
confusing permissions error. Now catches this and explains exactly what
to fix in Zabbix (User groups -> Permissions).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

app/zabbix.py

@@ -72,7 +72,17 @@ class ZabbixClient:
         existing = self._call('hostgroup.get', {'filter': {'name': name}, 'output': ['groupid']})
         if existing:
             return existing[0]['groupid']
-        return self._call('hostgroup.create', {'name': name})['groupids'][0]
+        try:
+            return self._call('hostgroup.create', {'name': name})['groupids'][0]
+        except RuntimeError as exc:
+            if 'permission' in str(exc).lower():
+                raise RuntimeError(
+                    f"Host group '{name}' not found or not visible to the API token user. "
+                    f"Fix in Zabbix: Administration -> User groups -> [your group] -> "
+                    f"Permissions -> add '{name}' with Read-write access. "
+                    f"Alternatively assign Super admin role to the API token user."
+                ) from exc
+            raise
 
     # ------------------------------------------------------------------ hosts