
fix(controlplane): limit public invite token lookup response#2671

Merged: mekilis merged 4 commits into main from smart/pde-804-rbac-auth-gaps on Jun 18, 2026

Conversation

@mekilis (Collaborator) commented Jun 18, 2026

Summary

  • limits the unauthenticated invite-token lookup response to the metadata needed by the accept-invite UI
  • replaces returned user profile data with a user_exists boolean and omits raw invite tokens/internal IDs from the public lookup response
  • updates dashboard invite lookup tests and generated API docs

Test plan

  • go test ./services -run TestFindUserByInviteTokenService_Run
  • go test ./api -run 'TestOrganisationInviteIntegrationTestSuite/Test_FindUserByInviteToken'
  • golangci-lint run ./api/... ./services/...
  • go vet ./...
  • git diff --check

Note

Medium Risk
Breaking change on a public auth-related endpoint; clients must adopt the new shape, though exposure of tokens and PII is reduced.

Overview
Tightens the unauthenticated invite-token lookup so it no longer returns full user records or raw OrganisationInvite entities.

The handler now responds with InviteTokenLookupResponse: a trimmed token object (org name, invitee email, role, status only), user_exists, and optional first_name / last_name when the invitee already has an account. Integration tests assert the JSON omits the invite secret, internal IDs, timestamps, and the nested user object. The accept-invite dashboard flow reads user_exists and top-level names, and existing users no longer send name fields when accepting.

Swagger/OpenAPI artifacts were regenerated (includes broader schema churn beyond this endpoint).

Reviewed by Cursor Bugbot for commit 023bad3.
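The allow-listed projection and the omission checks that the summary above describes, as an added example in Go that is not part of this PR or the project's code base. The entity and DTO field names, the `uid`, `password` and `user` JSON keys, the `LeakedFields` helper and the fixtures are assumptions made for illustration; only `InviteTokenLookupResponse`, `user_exists`, `first_name` / `last_name` and the four trimmed token fields come from the PR description.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Internal invite entity (constructed for this example; field names are assumptions, not
// the project's schema). Marshalling it directly is the pre-fix behaviour being removed.
type OrganisationInvite struct {
	ID               string `json:"id"`
	OrganisationName string `json:"organisation_name"`
	Token            string `json:"token"` // the invite secret: must never be echoed back
	InviteeEmail     string `json:"invitee_email"`
	Role             string `json:"role"`
	Status           string `json:"status"`
	CreatedAt        string `json:"created_at"`
}

type User struct {
	ID           string `json:"uid"`
	FirstName    string `json:"first_name"`
	LastName     string `json:"last_name"`
	PasswordHash string `json:"password"`
}

// PublicInvite is the trimmed token object: only what the accept-invite page needs.
type PublicInvite struct {
	OrganisationName string `json:"organisation_name"`
	InviteeEmail     string `json:"invitee_email"`
	Role             string `json:"role"`
	Status           string `json:"status"`
}

// InviteTokenLookupResponse is the public shape; names are set only for an existing account.
type InviteTokenLookupResponse struct {
	Token      PublicInvite `json:"token"`
	UserExists bool         `json:"user_exists"`
	FirstName  string       `json:"first_name,omitempty"`
	LastName   string       `json:"last_name,omitempty"`
}

// BuildInviteTokenLookupResponse copies an allow-list of fields onto the public DTO, so a
// column added to the entity later cannot leak through this endpoint by default.
func BuildInviteTokenLookupResponse(inv *OrganisationInvite, u *User) InviteTokenLookupResponse {
	resp := InviteTokenLookupResponse{UserExists: u != nil, Token: PublicInvite{
		OrganisationName: inv.OrganisationName, InviteeEmail: inv.InviteeEmail,
		Role: inv.Role, Status: inv.Status}}
	if u != nil {
		resp.FirstName, resp.LastName = u.FirstName, u.LastName
	}
	return resp
}

// ForbiddenKeys are JSON keys that must not appear at any depth of an unauthenticated reply.
var ForbiddenKeys = []string{"id", "uid", "created_at", "updated_at", "password", "user"}

// LeakedFields marshals any response value and reports forbidden keys at any depth plus any
// secret value that survives into the wire bytes, so a regression is caught by a unit test.
// json.Marshal escapes quotes inside string values, so a value cannot masquerade as a key.
func LeakedFields(resp any, secrets ...string) ([]string, error) {
	b, err := json.Marshal(resp)
	if err != nil {
		return nil, err
	}
	wire := string(b)
	var leaks []string
	for _, k := range ForbiddenKeys {
		if strings.Contains(wire, `"`+k+`":`) {
			leaks = append(leaks, "key:"+k)
		}
	}
	for _, s := range secrets {
		if s != "" && strings.Contains(wire, s) {
			leaks = append(leaks, "value:"+s)
		}
	}
	return leaks, nil
}

// SampleInvite and SampleUser are constructed fixtures, not real data.
func SampleInvite() *OrganisationInvite {
	return &OrganisationInvite{ID: "inv_01", OrganisationName: "Acme", Token: "example-invite-secret",
		InviteeEmail: "ada@example.com", Role: "admin", Status: "pending", CreatedAt: "2026-06-18T09:00:00Z"}
}

func SampleUser() *User {
	return &User{ID: "usr_01", FirstName: "Ada", LastName: "Lovelace", PasswordHash: "$argon2id$example"}
}

func main() {
	inv, u := SampleInvite(), SampleUser()
	for name, r := range map[string]any{"raw entity": inv, "trimmed": BuildInviteTokenLookupResponse(inv, u)} {
		leaks, _ := LeakedFields(r, inv.Token, u.PasswordHash)
		fmt.Printf("%s leaks: %v\n", name, leaks)
	}
}
```

`LeakedFields` is the shape of check the PR's integration tests perform: it is run against the marshalled bytes rather than the struct, so it also catches a nested object or an embedded entity that a later refactor might reintroduce, and it treats the invite secret as a value to grep for rather than a key name, since the trimmed reply legitimately keeps a `token` object.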

linear Bot commented Jun 18, 2026

PDE-804

cursor Bot left a comment

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Reviewed by Cursor Bugbot for commit a87ec47.

@mekilis mekilis merged commit d0b3272 into main Jun 18, 2026
19 checks passed
@mekilis mekilis deleted the smart/pde-804-rbac-auth-gaps branch June 18, 2026 09:50