fix(idaa): correct reactive loop fix + hide clutter in iframe sys bar

1. Replace incorrect untrack() with idempotent write guard in the
   sys_menu trusted-access effect. untrack() prevents new dep reads but
   ae_loc was already tracked from the outer condition reads, so the write
   still re-notified the effect every run. The guard (only write if value
   != false) breaks the cycle: run 2 finds value already false, skips the
   write, effect stops. Max 2 runs vs the previous infinite loop.

2. Hide auth shield, font-size cycler, and dark/light toggle in the sys
   bar when in iframe mode — host page owns those concerns. Edit mode
   toggle and the main expand button remain visible for staff.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

src/routes/idaa/+layout.svelte

@@ -218,13 +218,15 @@ $effect(() => {
 // the iframe src to pass show_menu=true, so we watch for trusted_access and unhide it.
 $effect(() => {
     if (browser && $ae_loc.iframe && $ae_loc.trusted_access) {
-        // WHY untrack: writing to $ae_loc inside an effect that reads $ae_loc causes
-        // an infinite reactive loop (effect_update_depth_exceeded). The conditions we
-        // want to react to ($ae_loc.iframe / trusted_access) are tracked above; the
-        // write is a side-effect that must not re-trigger this effect.
-        untrack(() => {
+        // WHY the guard: ae_loc is a tracked dep here (reads above). Writing
+        // $ae_loc.sys_menu.hide re-notifies this effect every run — infinite loop.
+        // untrack() does NOT help: it prevents new dep reads but the store still
+        // notifies already-subscribed effects after the write.
+        // The idempotent write guard breaks the cycle: run 2 finds the value
+        // already false, skips the write, no further re-queue.
+        if ($ae_loc.sys_menu.hide !== false) {
             $ae_loc.sys_menu.hide = false;
-        });
+        }
     }
 });