Add account registration with signup policy acceptance

Implements #16: invite-only student self-registration through a front-end
page, accepting signup-scoped policies at account creation.

Policy domain:
- us_policies.acceptance_scope (signup/booking/both); Policy::appliesTo();
  PolicyRepository::findForScope(); scope threaded through PolicyService,
  the REST create, the admin controller, and the Policies form.
- PolicyAcceptance::REG_ACCOUNT (registration_id = the new user's ID).

Auth:
- Invite value object + InviteRepository; us_invites table.
- RegistrationController + Invites admin page (manage_students): invite an
  email, share the registration link, revoke.
- RegistrationPage ([us_student_register] shortcode): validates the invite
  token, collects name/password, renders signup-scoped published policies
  with required acceptance, creates the us_student user, records account-type
  acceptances, marks the invite accepted, and logs the user in.
- RoleManager: manage_students cap added to STUDIO_ADMIN_CAPS.

Invite-only is implemented; the us_registration_mode self_approval path is a
documented future seam.

Docs: docs/features/account-registration.md; policies.md updated.
Tests: tests/Unit/Auth/ (Invite, InviteRepository) plus Policy scope
updates. composer test (104), cs, and PHPStan level 6 all pass.

Refs #16

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

tests/Unit/Auth/InviteTest.php

@@ -0,0 +1,71 @@
+<?php
+declare(strict_types=1);
+
+namespace Unsupervised\Schedular\Tests\Unit\Auth;
+
+use Unsupervised\Schedular\Auth\Invite;
+use Unsupervised\Schedular\Auth\RoleManager;
+use Unsupervised\Schedular\Tests\Unit\TestCase;
+
+class InviteTest extends TestCase
+{
+    public function testDefaults(): void
+    {
+        $invite = new Invite('a@b.test', 'tok123');
+
+        self::assertSame('a@b.test', $invite->email);
+        self::assertSame('tok123', $invite->token);
+        self::assertSame(RoleManager::STUDENT, $invite->role);
+        self::assertSame(Invite::STATUS_PENDING, $invite->status);
+        self::assertTrue($invite->isPending());
+        self::assertNull($invite->invitedBy);
+        self::assertNull($invite->acceptedUserId);
+        self::assertNull($invite->id);
+    }
+
+    public function testFromRowMapsCorrectly(): void
+    {
+        $invite = Invite::fromRow((object) [
+            'id'               => '5',
+            'email'            => 'a@b.test',
+            'token'            => 'tok123',
+            'role'             => RoleManager::STUDENT,
+            'status'           => Invite::STATUS_ACCEPTED,
+            'invited_by'       => '2',
+            'accepted_user_id' => '9',
+            'accepted_at'      => '2026-06-02 09:00:00',
+        ]);
+
+        self::assertSame(5, $invite->id);
+        self::assertSame(2, $invite->invitedBy);
+        self::assertSame(9, $invite->acceptedUserId);
+        self::assertFalse($invite->isPending());
+    }
+
+    public function testFromRowHandlesNullableIds(): void
+    {
+        $invite = Invite::fromRow((object) [
+            'id'               => '5',
+            'email'            => 'a@b.test',
+            'token'            => 'tok123',
+            'role'             => RoleManager::STUDENT,
+            'status'           => Invite::STATUS_PENDING,
+            'invited_by'       => null,
+            'accepted_user_id' => null,
+            'accepted_at'      => null,
+        ]);
+
+        self::assertNull($invite->invitedBy);
+        self::assertNull($invite->acceptedUserId);
+        self::assertTrue($invite->isPending());
+    }
+
+    public function testToArrayContainsExpectedKeys(): void
+    {
+        $arr = (new Invite('a@b.test', 'tok', id: 1))->toArray();
+
+        foreach (['id', 'email', 'token', 'role', 'status', 'invited_by', 'accepted_user_id', 'accepted_at'] as $key) {
+            self::assertArrayHasKey($key, $arr);
+        }
+    }
+}