idaa/video_conferences: restrict invite button to trusted_access staff only

The Jitsi invite dialog can expose backend room URLs and paths.
Previously invite was gated on is_moderator (any Novi group moderator).

Now restricted to $ae_loc.trusted_access (IDAA staff in Aether) so
regular member moderators cannot send invites. All other toolbar
buttons are unchanged.
Scott Idem
2026-04-02 13:27:05 -04:00
parent be3634d750
commit 2a5adda6cb

@@ -894,12 +894,13 @@ async function init_jitsi() {
// Explicit toolbar whitelist — omitting 'embedmeeting' entirely.
// "Embed Meeting" exposes the Jitsi host/room URL and must never appear
// for IDAA users (authenticated or not) — privacy requirement.
// 'invite' is only included for moderators — regular attendees should not
// be able to invite others directly; that is the meeting organizer's role.
// 'invite' is restricted to trusted_access (IDAA staff) only — regular member
// moderators are excluded because the invite dialog can expose backend paths
// and room URLs that should not be visible to general members.
toolbarButtons: [
'camera', 'chat', 'closedcaptions', 'desktop', 'download',
'etherpad', 'feedback', 'filmstrip', 'fullscreen', 'hangup',
'help', ...(is_moderator ? ['invite'] : []), 'livestreaming', 'microphone',
'help', ...($ae_loc.trusted_access ? ['invite'] : []), 'livestreaming', 'microphone',
'mute-everyone', 'mute-video-everyone', 'participants-pane',
'profile', 'raisehand', 'recording', 'security',
'select-background', 'settings', 'shareaudio', 'sharedvideo',
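
Review bot: The `$ae_loc.trusted_access` check on the 'help' / 'invite' line of `toolbarButtons` only controls whether the button is rendered in the browser, so the privacy requirement in the comment rests on a client-side value and on the toolbar being the only path to the invite dialog. Please confirm that `trusted_access` is populated from a server-validated session rather than from state the client can set, and consider also turning invite off in the Jitsi configuration for non-staff (for example with Jitsi's `disableInviteFunctions` option) so the restriction does not depend on the toolbar list alone. The spread fails closed when `$ae_loc.trusted_access` is undefined, which is the right default. A short note in the comment saying whether `is_moderator` is still needed elsewhere in `init_jitsi()` would also help the next reader.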