fix(license): scope license lookup per-org in cloud mode

[keysersoft]

Summary

Fixes a cross-tenant entitlement leak in cloud mode.

getCurrentLicense falls back to site_settings.license_key (a single instance-wide pointer) when the calling org has no license of its own, and on hit it auto-binds the unassigned license to whichever org happens to ask first. Combined with the unscoped POST /api/license/verify (which reads the same global pointer), an org with zero licenses can see another org's key as "License verified successfully".

Reproducer on the live cloud:

1. Sign in as a user belonging to an org with no purchased license (in my case keysersoft@gmail.com → Matteo's Workspace).
2. Open /settings/license and click Verify Now.
3. UI reports "License verified successfully", showing the plan & expiry of an unrelated org's license (here, the starter under sales@helpcode.ai).

What changes

This isolates lookups per organizationId in cloud mode while keeping the existing single-tenant fallbacks for self-hosted, where site_settings.license_key is the legitimate "this is the instance license" mechanism.

• getCurrentLicense: in cloud, returns null when the calling org has no license; no more global pointer fallback, no auto-binding of orphan licenses to a random caller. Self-hosted behavior unchanged.
• verifyLicense: now accepts organizationId and, in cloud, resolves the key to verify from the org's own license; falls back to the global setting only in self-hosted.
• setLicenseKey / requestTrialLicense: stop overwriting site_settings.license_key in cloud; persist organizationId on the trial record so future lookups can find it.
• verifyOnStartup: no-op in cloud (per-org background verification belongs to a separate cron, not to instance boot).
• POST /api/license/verify: passes req.user.organizationId.
• POST /api/license/activate-trial: passes req.user.organizationId.

Pre-deploy data backfill

Performed directly on the cloud Postgres (one-off, environment-specific — not a Prisma migration on purpose): 3 orphan trial licenses re-assigned to their owning orgs based on licenses.email ↔ users.email. One enterprise license (AMCP-3076-FFD0-DFCC-D619) has no corresponding row in the marketing-site Mongo and was left orphan; after this PR it will no longer be visible to any org.

Tests

6 new unit tests in license.service.spec.ts:

• cloud: license is returned for the owning org
• cloud: another org sees null even when site_settings.license_key points at the first org's key (the exact bug)
• cloud: orphan licenses are not auto-bound to the caller
• self-hosted: site_settings.license_key fallback still works
• self-hosted: orphan auto-bind still works
• verifyOnStartup is a no-op in cloud

Full suite: 752 passed, 5 skipped (unchanged from before this PR).

Test plan post-deploy

• Sign in as keysersoft@gmail.com → /settings/license shows "No license" (no plan info, no "Verify now" success)
• Sign in as sales@helpcode.ai → still sees AMCP-3887-…-15D8 (starter, active)
• Sign in as matteo.morelli@kochfreiburg.de → still sees AMCP-96ED-…-6B51 (enterprise, active)
• Self-hosted instance (local docker compose): activating a license still writes site_settings.license_key and getCurrentLicense() resolves to it