feat: passwordless registration — defer account creation to approval

Removes password from the volunteer registration form. Account
creation is now deferred to the approval step:

Backend:
- Registration creates Person without User (user_id=null)
- On approval, system finds or creates User by person.email
- New accounts get a "set password" email with activation link
- Existing accounts get a portal link email
- Added registration_source column to persons (self/organizer)
- Fuzzy name matching skipped for self-registered persons
- person.email is always source of truth for account linking

Frontend:
- Registration form no longer collects password
- Email check shows info alert with login suggestion
- New wachtwoord-instellen.vue page for account activation
- PasswordRequirements.vue component (reused on reset page)
- Success page updated with activation messaging

Tests: 837 passed (all updated for new flow)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

api/app/Services/PersonIdentityService.php

@@ -106,7 +106,11 @@ final class PersonIdentityService
         }
 
         // === Strategy 2: Fuzzy name match (only if no email match found) ===
-        if ($matches->isEmpty() && $person->first_name && $person->last_name) {
+        // Skip fuzzy matching for self-registered persons — they provided their
+        // own email, so that's the canonical identity. Fuzzy name matching with
+        // a different user would be confusing.
+        if ($matches->isEmpty() && $person->first_name && $person->last_name
+            && ($person->registration_source ?? 'organizer') !== 'self') {
             $nameMatches = $orgUsers->filter(function (User $user) use ($person) {
                 // Skip if same email (already handled above, or would be email match)
                 if ($person->email && strtolower(trim($user->email)) === strtolower(trim($person->email))) {