feat(frontend): invite-based registration UI

- Add /register route with invite code prefill, password show/hide
- Add /login?registered=1 success banner
- Add /admin/invites page: list, create, revoke, copy link
- Add Einladungen nav section to admin sidebar (ADMIN_USER perm)
- Add invite error codes to errors.ts
- Add 48 i18n keys across de/en/es
- Update hooks.server.ts to allow public access to invite/register API

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

frontend/src/hooks.server.ts

@@ -5,7 +5,7 @@ import { env } from 'process';
 import { cookieName, cookieMaxAge } from '$lib/paraglide/runtime';
 import { detectLocale } from '$lib/server/locale';
 
-const PUBLIC_PATHS = ['/login', '/logout', '/forgot-password', '/reset-password'];
+const PUBLIC_PATHS = ['/login', '/logout', '/forgot-password', '/reset-password', '/register'];
 
 const handleLocaleDetection: Handle = ({ event, resolve }) => {
 	if (!event.cookies.get(cookieName)) {
@@ -72,7 +72,12 @@ export const handleFetch: HandleFetch = async ({ event, request, fetch }) => {
 		}
 
 		// Password reset endpoints are public — no auth header needed.
-		const PUBLIC_API_PATHS = ['/api/auth/forgot-password', '/api/auth/reset-password'];
+		const PUBLIC_API_PATHS = [
+			'/api/auth/forgot-password',
+			'/api/auth/reset-password',
+			'/api/auth/invite/',
+			'/api/auth/register'
+		];
 		if (PUBLIC_API_PATHS.some((p) => request.url.includes(p))) {
 			return fetch(request);
 		}