fix(config-service): make /config/user-system anonymous so INACTIVE users can read inviteOnly

[aicam]

Problem

A freshly-registered user is INACTIVE until an admin approves them, so they cannot reach the @RolesAllowed("REGULAR", "ADMIN") config endpoints. The frontend reads the inviteOnly flag at exactly that point (right after registration) to decide whether to show the registration-request form — which collects the user's affiliation/reason and triggers the admin notification email.

#5305 moved /config/user-system from @PermitAll to @RolesAllowed("REGULAR", "ADMIN"). As a result, an INACTIVE user's request for inviteOnly returns 403, the flag is left undefined on the frontend, and:

• the registration-request form never appears, and
• no admin notification email is sent.

So in invite-only deployments, new sign-ups are silently dropped.

Fix

Restore @PermitAll on /config/user-system. The endpoint only exposes the boolean inviteOnly flag, which is non-sensitive and is specifically needed before activation.

Testing

Verified on an invite-only deployment: a fresh registration now receives inviteOnly: true while INACTIVE, the registration-request form appears, and the admin notification email is sent.

🤖 Generated with Claude Code

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 52.17%. Comparing base (564ccdb) to head (8723d87).

Additional details and impacted files

@@            Coverage Diff            @@
##               main    #5572   +/-   ##
=========================================
  Coverage     52.17%   52.17%           
  Complexity     2482     2482           
=========================================
  Files          1068     1068           
  Lines         41311    41311           
  Branches       4439     4439           
=========================================
  Hits          21556    21556           
  Misses        18490    18490           
  Partials       1265     1265           

Flag	Coverage Δ		*Carryforward flag
access-control-service	64.61% <ø> (ø)
agent-service	33.76% <ø> (ø)		Carriedforward from 8e6a1b4
amber	53.28% <ø> (ø)		Carriedforward from 8e6a1b4
computing-unit-managing-service	1.65% <ø> (ø)
config-service	56.06% <ø> (ø)
file-service	38.32% <ø> (ø)
frontend	46.42% <ø> (ø)		Carriedforward from 8e6a1b4
pyamber	90.72% <ø> (ø)		Carriedforward from 8e6a1b4
python	90.75% <ø> (ø)		Carriedforward from 8e6a1b4
workflow-compiling-service	58.69% <ø> (ø)

*This pull request uses carry forward flags. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[bobbai00]

The PR description is not following the PR template. Please fix the PR description.

Also, please create an issue and resolve that issue in this PR.

Since it is related to user experience, please include screenshots of BEFORE & AFTER.