feat(groups): prevent deletion of groups referenced by active invites

Adds GROUP_HAS_ACTIVE_INVITES error code and guards UserService.deleteGroup()
with a 409 conflict when any active (non-revoked, non-expired, non-exhausted)
invite token still holds the group UUID.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/src/test/java/org/raddatz/familienarchiv/user/UserServiceTest.java

@@ -36,6 +36,7 @@ class UserServiceTest {
 
     @Mock AppUserRepository userRepository;
     @Mock UserGroupRepository groupRepository;
+    @Mock InviteTokenRepository inviteTokenRepository;
     @Mock PasswordEncoder passwordEncoder;
     @Mock AuditService auditService;
     @InjectMocks UserService userService;
@@ -903,6 +904,29 @@ class UserServiceTest {
         assertThat(result.getPermissions()).containsExactlyInAnyOrder("READ_ALL", "WRITE_ALL");
     }
 
+    // ─── deleteGroup ──────────────────────────────────────────────────────────
+
+    @Test
+    void deleteGroup_throwsConflict_whenActiveInviteReferencesGroup() {
+        UUID groupId = UUID.randomUUID();
+        when(inviteTokenRepository.existsActiveWithGroupId(groupId)).thenReturn(true);
+
+        assertThatThrownBy(() -> userService.deleteGroup(groupId))
+                .isInstanceOf(DomainException.class)
+                .extracting(e -> ((DomainException) e).getCode())
+                .isEqualTo(ErrorCode.GROUP_HAS_ACTIVE_INVITES);
+    }
+
+    @Test
+    void deleteGroup_deletesGroup_whenNoActiveInviteReferencesGroup() {
+        UUID groupId = UUID.randomUUID();
+        when(inviteTokenRepository.existsActiveWithGroupId(groupId)).thenReturn(false);
+
+        userService.deleteGroup(groupId);
+
+        verify(groupRepository).deleteById(groupId);
+    }
+
     @Test
     void createGroup_withNullPermissions_savesGroupWithEmptyPermissionSet() {
         org.raddatz.familienarchiv.user.GroupDTO dto = new org.raddatz.familienarchiv.user.GroupDTO();