fix(invite): fix invite email styling, org redirect, and no-access UX #3072

Open
rafavalls wants to merge 2 commits into main from valls/deco-4006-invite-email-e-redirect-ir-para-org-certa

rafavalls (Collaborator) commented Apr 8, 2026

What is this contribution about?

Fixes multiple regressions in the organization invite flow (DECO-4006):

  1. Email template: Replaced bare unstyled HTML with a proper inline-CSS table layout. Also escapes HTML entities in org name and inviter name to prevent XSS, and URL-encodes query params in the accept URL.
  2. Wrong org redirect after acceptance: The email link's redirectTo now points to /${orgSlug} instead of /, so clicking Accept lands the user directly on the correct org instead of their cached personal org.
  3. Infinite loading when visiting org without access: setActive returning null now shows an "Access denied" EmptyState with a clear message ("Check your email for an invitation") and a button that clears the stale lastOrgSlug from localStorage before navigating home — preventing a redirect loop.
  4. Personal org after inbox acceptance: Restored correct toast ordering (success shown only after all async ops complete), and added an org list fallback when setActive doesn't return a slug.

Screenshots/Demonstration

UI changes are in the "Access denied" empty state (shell-layout) and the invite email template. No screenshot available in this environment.

How to Test

  1. Invite a user to an org via the Members page — verify the email looks styled and the accept link contains the org slug in redirectTo.
  2. Click the email link as a logged-in user → accept → confirm you land on the invited org, not your personal one.
  3. Visit /<org-slug> for an org you're not a member of → confirm you see "Access denied" with a "Go to your account" button instead of an infinite spinner.
  4. Accept an invitation from the Inbox popover → confirm toast fires only after completion and you're redirected to the correct org.

Migration Notes

No database migrations required.

Review Checklist

  • PR title is clear and descriptive
  • Changes are tested and working
  • Documentation is updated (if needed)
  • No breaking changes

Summary by cubic

Fixes regressions in the org invite flow: styled invite emails, correct org redirect, and a clear “Access denied” screen. Addresses DECO-4006.

  • Bug Fixes
    • Invite email: inline‑styled table layout; escape org/inviter names; URL‑encode invitationId and org slug in redirectTo.
    • Redirect: accept link sets redirectTo to /${orgSlug} so users land in the invited org.
    • No access: show “Access denied” EmptyState; button clears stale lastOrgSlug and returns home.
    • Inbox acceptance: show success toast after async steps; fall back to org list when setActive returns no slug before redirect.

Written for commit 7aadd8b. Summary will update on new commits.

- Improve invite email HTML with proper inline styles and table layout
- Use org slug in redirectTo so acceptance redirects to the correct org
- Escape HTML entities in email to prevent XSS (org name, inviter name)
- URL-encode invitationId and orgSlug in the accept URL
- Show "Access denied" EmptyState instead of infinite splash when user
  lacks access to an org; clear stale lastOrgSlug before redirecting
- Restore correct toast ordering in inbox accept flow (after all async)
- Add org list fallback when setActive doesn't return slug (#4006)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
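
The escaping and encoding steps named in the PR description and commit message above, as an added example that is not code from this pull request. The function names, the `/accept-invitation` path, the base URL and the sample values are assumptions; only `invitationId`, `redirectTo` and the `/${orgSlug}` target come from the page.

```javascript
// Added example, not the project's code. Names and paths are hypothetical.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape text for HTML element content and for quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Build the accept link. The slug is encoded once as a path segment, then the
// whole redirectTo path is encoded again as a query value by URLSearchParams,
// so "&", "=", "/" or "?" in either value cannot add or split parameters.
function buildAcceptUrl(baseUrl, invitationId, orgSlug) {
  const url = new URL("/accept-invitation", baseUrl); // hypothetical path
  url.searchParams.set("invitationId", invitationId);
  url.searchParams.set("redirectTo", `/${encodeURIComponent(orgSlug)}`);
  return url.toString();
}

// Render a minimal inline-styled table layout. Every interpolated value,
// including the href, passes through escapeHtml before it reaches the markup.
function renderInviteEmail({ baseUrl, invitationId, orgSlug, orgName, inviterName }) {
  const href = escapeHtml(buildAcceptUrl(baseUrl, invitationId, orgSlug));
  return [
    '<table role="presentation" style="width:100%;font-family:sans-serif">',
    `<tr><td><strong>${escapeHtml(inviterName)}</strong> invited you to join ` +
      `<strong>${escapeHtml(orgName)}</strong></td></tr>`,
    `<tr><td><a href="${href}" style="padding:10px 16px;text-decoration:none">` +
      "Accept invitation</a></td></tr>",
    "</table>",
  ].join("\n");
}

// Constructed sample input with characters that would break naive templating.
const SAMPLE = {
  baseUrl: "https://app.example.test",
  invitationId: "inv_1&redirectTo=/other",
  orgSlug: "acme&co/x",
  orgName: 'Acme <b>& "Sons"</b>',
  inviterName: "Eve <eve@example.test>",
};

console.log(renderInviteEmail(SAMPLE));
```
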

github-actions bot (Contributor) commented Apr 8, 2026

🧪 Benchmark

Should we run the Virtual MCP strategy benchmark for this PR?

React with 👍 to run the benchmark.

| Reaction | Action |
| --- | --- |
| 👍 | Run quick benchmark (10 & 128 tools) |

Benchmark will run on the next push after you react.

github-actions bot (Contributor) commented Apr 8, 2026

Release Options

Suggested: Patch (2.252.1) — based on fix: prefix

React with an emoji to override the release type:

| Reaction | Type | Next Version |
| --- | --- | --- |
| 👍 | Prerelease | 2.252.1-alpha.1 |
| 🎉 | Patch | 2.252.1 |
| ❤️ | Minor | 2.253.0 |
| 🚀 | Major | 3.0.0 |

Current version: 2.252.0

Note: If multiple reactions exist, the smallest bump wins. If no reactions, the suggested bump is used (default: patch).

cubic-dev-ai bot (Contributor) left a comment

No issues found across 4 files

…e-email-e-redirect-ir-para-org-certa

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>