Add company invitation system (backend)

New feature allowing company owners/admins to invite users by email with
a specific company-scoped role.

Database:
- New company_invitations table (company_id, email, role_id, token,
  status, invited_by, expires_at)

Backend:
- CompanyInvitation model with pending/forUser scopes
- InvitationService: invite, accept, decline, getPendingForUser
- CompanyInvitationMail with markdown email template
- InvitationController (company-scoped): list, send, cancel invitations
- InvitationResponseController (user-scoped): pending, accept, decline
- BootstrapController returns pending_invitations in response
- CompanyMiddleware handles zero-company users gracefully

Tests: 9 feature tests covering invite, accept, decline, cancel, expire,
duplicate prevention, and bootstrap integration.

app/Http/Middleware/CompanyMiddleware.php

@@ -9,18 +9,25 @@ use Symfony\Component\HttpFoundation\Response;
 
 class CompanyMiddleware
 {
-    /**
-     * Handle an incoming request.
-     *
-     * @return mixed
-     */
     public function handle(Request $request, Closure $next): Response
     {
         if (Schema::hasTable('user_company')) {
             $user = $request->user();
 
-            if ((! $request->header('company')) || (! $user->hasCompany($request->header('company')))) {
-                $request->headers->set('company', $user->companies()->first()->id);
+            if (! $user) {
+                return $next($request);
+            }
+
+            $firstCompany = $user->companies()->first();
+
+            // User has no companies — allow request through without company header
+            // (BootstrapController handles this gracefully)
+            if (! $firstCompany) {
+                return $next($request);
+            }
+
+            if (! $request->header('company') || ! $user->hasCompany($request->header('company'))) {
+                $request->headers->set('company', $firstCompany->id);
             }
         }