Fix OIDC household invitation (issue #900) (#904)

* Fix OIDC household invitation (issue #900)

- Auto-add existing user when inviting by email (no invite email sent)
- Accept page: choose 'Create account' or 'Sign in' (supports OIDC)
- Store invitation token in session on sign-in; accept after login (password,
  OIDC, OIDC link, OIDC JIT, MFA)
- Invitation#accept_for!(user): add user to household and mark accepted
- Defensive guards: nil/blank user, token normalization, accept_for! return check

* Address PR review: rename accept_for! to accept_for, i18n OIDC notice, test fixes, stub Rails.application.config

* Fix flaky system test: assert only configure step, not flash message

Co-authored-by: Cursor <cursoragent@cursor.com>

---------

Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
Co-authored-by: mkdev11 <jaysmth689+github@users.noreply.github.com>
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
Co-authored-by: Cursor <cursoragent@cursor.com>

app/controllers/application_controller.rb

@@ -18,6 +18,28 @@ class ApplicationController < ActionController::Base
   helper_method :demo_config, :demo_host_match?, :show_demo_warning?
 
   private
+    def accept_pending_invitation_for(user)
+      return false if user.blank?
+
+      token = session[:pending_invitation_token]
+      return false if token.blank?
+
+      invitation = Invitation.pending.find_by(token: token.to_s)
+      return false unless invitation
+      return false unless invitation.accept_for(user)
+
+      session.delete(:pending_invitation_token)
+      true
+    end
+
+    def store_pending_invitation_if_valid
+      token = params[:invitation].to_s.presence
+      return if token.blank?
+
+      invitation = Invitation.pending.find_by(token: token)
+      session[:pending_invitation_token] = token if invitation
+    end
+
     def detect_os
       user_agent = request.user_agent
       @os = case user_agent