fix(idaa): check UUID against trusted/admin lists directly for Jitsi moderator

$ae_loc.trusted_access is only ever upgraded, never downgraded — it sticks
across Novi impersonation even though a different UUID is in the URL. Instead,
check user_id directly against $idaa_loc.novi_admin_li / novi_trusted_li so
the moderator grant is tied to the specific UUID being used, not the inherited
session access level.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

src/routes/idaa/(idaa)/video_conferences/+page.svelte

@@ -477,12 +477,18 @@ async function fetch_novi_data() {
             }
         }
 
-        // Trusted/admin users are always moderators — the IDAA layout already verified
-        // this UUID against novi_trusted_li / novi_admin_li (from site config) and set
-        // $ae_loc.trusted_access. Re-using that result avoids a redundant API call.
-        if ($ae_loc.trusted_access) {
+        // Trusted/admin users are always moderators. Check the UUID directly against the
+        // known lists rather than $ae_loc.trusted_access — that flag is only upgraded, never
+        // downgraded, so it sticks across Novi impersonation (which does a full iframe reload
+        // with a different UUID but doesn't reset the inherited access level).
+        const admin_li: string[] = $idaa_loc.novi_admin_li ?? [];
+        const trusted_li: string[] = $idaa_loc.novi_trusted_li ?? [];
+        const is_trusted_uuid = user_id
+            ? admin_li.includes(user_id) || trusted_li.includes(user_id)
+            : false;
+        if (is_trusted_uuid) {
             is_moderator = true;
-            console.log(`Jitsi: User ${user_id} is moderator via trusted/admin access level.`);
+            console.log(`Jitsi: User ${user_id} is moderator via admin/trusted UUID list.`);
         } else {
             // For regular authenticated members, check the specific meeting group.
             // Prefer g_uuid from URL (per-meeting, more precise); fall back to the global