Initial security fixes (#461)

* Initial sec

* Update PII fields

* FIX add tests

* FIX safely read plaintext data on rake backfill

* Update user.rb

* FIX tests

* encryption_ready? block

* Test conditional to encryption on

---------

Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>

app/models/invitation.rb

@@ -1,7 +1,15 @@
 class Invitation < ApplicationRecord
+  include Encryptable
+
   belongs_to :family
   belongs_to :inviter, class_name: "User"
 
+  # Encrypt sensitive fields if ActiveRecord encryption is configured
+  if encryption_ready?
+    encrypts :token, deterministic: true
+    encrypts :email, deterministic: true, downcase: true
+  end
+
   validates :email, presence: true, format: { with: URI::MailTo::EMAIL_REGEXP }
   validates :role, presence: true, inclusion: { in: %w[admin member] }
   validates :token, presence: true, uniqueness: true