Fix admin seed, open username/email changes, invite refresh & revocation

- Seed checks for any admin role instead of username='admin'
- Username change open to all registered users (was admin-only)
- New change-email endpoint requiring password confirmation
- Settings page: inline editing for username and email
- Invitations: await refresh after generate so list updates visibly
- Invitations: revoke button to delete unused invites (admin only)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

apps/web/src/lib/api.ts

@@ -135,6 +135,11 @@ export const api = {
         method: 'POST',
         body: JSON.stringify({ username }),
       }),
+    changeEmail: (email: string, currentPassword: string) =>
+      request<{ success: boolean; token: string }>('/api/auth/change-email', {
+        method: 'POST',
+        body: JSON.stringify({ email, currentPassword }),
+      }),
   },
   config: {
     get: () => request<{ requireInvite: boolean; userInvitations: number }>('/api/config'),
@@ -154,6 +159,7 @@ export const api = {
       }>;
     }>('/api/invites'),
     remaining: () => request<{ remaining: number }>('/api/invites/remaining'),
+    revoke: (id: string) => request<{ deleted: boolean }>(`/api/invites/${id}`, { method: 'DELETE' }),
   },
   saves: {
     list: () => request<{ saves: Array<{ id: string; companyName: string; era: string; tickCount: number; updatedAt: string }> }>('/api/saves'),