fix(layouts): guard appshell header/footer data stores behind account_id

element_data_store fires its load trigger as soon as api_ready is true,
with no check for account_id. In the IDAA iframe flow, the outer layout
mounts before Novi UUID verification completes, so the footer fetch fires
with no x-account-id header and gets a 403.

Wrap the IDAA outer layout footer in {#if $ae_loc.account_id} so it only
loads once the member's identity is established. Apply the same guard to
the events layout header and footer for consistency.

Journals was already safe (data stores are inside the trusted_access gate).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

src/routes/events/+layout.svelte

@@ -251,7 +251,7 @@ function clear_sess() {
                     class="mx-1 inline-block text-gray-500 dark:text-gray-400" />
                 <abbr title="Aether - Events Module" class="text-gray-500 dark:text-gray-400 font-semibold"> Æ Events </abbr>
             </span>
-            {#if !$ae_sess?.disable_sys_header}
+            {#if !$ae_sess?.disable_sys_header && $ae_loc.account_id}
                 <Element_data_store
                     ds_code="hub__site__appshell_header"
                     ds_type="html" />
@@ -364,7 +364,7 @@ function clear_sess() {
         </button>
     </div>
 
-    {#if !$ae_sess?.disable_sys_footer}
+    {#if !$ae_sess?.disable_sys_footer && $ae_loc.account_id}
         <footer
             class:hidden={yTop > 300}
             class:opacity-80={yTop < 250}