Updated invitation flow

[korridor]

What does this PR do?

• Moved jetstream function to REST endpoints
• Lower case email

Checklist (DO NOT REMOVE)

• I read the contributing guide
• I signed the Contributor License Agreement.
• I commented my code, particularly in hard-to-understand areas

[codecov]

Codecov Report

❌ Patch coverage is 96.84814% with 11 lines in your changes missing coverage. Please review.
✅ Project coverage is 88.88%. Comparing base (7d9ecd9) to head (5b756be).

Files with missing lines	Patch %	Lines
app/Http/Controllers/Web/UserController.php	77.77%	6 Missing ⚠️
app/Support/Base64File.php	77.77%	4 Missing ⚠️
app/Actions/Jetstream/AddOrganizationMember.php	0.00%	1 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##               main    #1078      +/-   ##
============================================
- Coverage     89.05%   88.88%   -0.18%     
- Complexity     1875     1943      +68     
============================================
  Files           275      283       +8     
  Lines          9733     9753      +20     
============================================
+ Hits           8668     8669       +1     
- Misses         1065     1084      +19     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Onatcer]

do we know why it is needed now?

[korridor]

Do you mean the switchTeam or the refresh?

[Onatcer]

The refresh. The comment just sounded like a leftover.

[Onatcer]

@korridor I did change it to a session state now after all because the Inertia URL handling gets flaky once I start messing with the URLs on the client side (Inertia has its own URL state, which overrides it again). We can revisit this when we eventually migrate to a SPA and have full URL control there. E2E tests are in place so it should be an easy migration after the fact.

I also changed the logged-out redirect and added an Auth check there for the case detection. I think this is cleaner than messing with the middleware behaviour and I don't really see a reason why there shouldn't be an Auth check in this controller especially when we just use it for the determining the redirect.

Arguably, the UX path for "A different user is logged in and accepts the invite" is a bit confusing because they get a message that they accepted an invite to an organization but the logged in user cannot actually see the org (because the invite was accepted for a different user). It is probably an edge case tho.