feat: partner enrichment, mutations, settings & branding + operator quick-wins

Backend (platform-api): computed tenant health plus industry/brandColor; partner-scoped tenant update/suspend/resume guarded by assertPartnerOwnsTenant; enriched partner users (MFA + access level) with invite/remove; partner settings and whitelabel branding persistence; Authentik authenticator counting and group removal. Audit on every mutation.

Frontend (portal): all five partner pages on real data — dashboard alerts, customers edit/suspend, team MFA/access with invite/remove, editable settings, branding fetch/save.

Operator: dashboard and infrastructure service health driven by real liveness probes; fabricated uptime/p95/error-rate removed.

apps/portal/components/partner/InviteTeammateModal.vue

@@ -6,7 +6,20 @@
 import { customers } from '~/data/customers'
 
 defineProps<{ open: boolean }>()
-const emit = defineEmits<{ close: []; sent: [payload: { email: string; role: string }] }>()
+const emit = defineEmits<{
+  close: []
+  sent: [
+    payload: {
+      name: string
+      email: string
+      role: string
+      access: 'all' | 'specific' | 'none'
+      specific: string[]
+      requireMfa: boolean
+      message: string
+    },
+  ]
+}>()
 
 const name = ref('')
 const email = ref('')
@@ -151,8 +164,8 @@ function planBadgeTone(p: string) {
       <UiButton variant="ghost" @click="emit('close')">Cancel</UiButton>
       <UiButton
         variant="primary"
-        :disabled="!email"
-        @click="emit('sent', { email, role }); emit('close')"
+        :disabled="!email || !name"
+        @click="emit('sent', { name, email, role, access, specific, requireMfa, message }); emit('close')"
       >
         <template #leading><UiIcon name="mail" :size="14" /></template>
         Send invitation