feat: add email verification toggle to admin settings

Adds platform-level toggle to enable/disable email verification.
When disabled, the verification banner is hidden and the send
endpoint returns 403.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

backend/app/api/endpoints/auth.py

@@ -7,6 +7,7 @@ from fastapi.security import OAuth2PasswordRequestForm
 from sqlalchemy.ext.asyncio import AsyncSession
 from sqlalchemy import select
 from app.core.config import settings
+from app.core.settings_manager import SettingsManager
 from app.core.database import get_db
 from app.core.rate_limit import limiter
 from app.core.security import (
@@ -595,6 +596,15 @@ async def reset_password(
     return {"message": "Password has been reset successfully"}
 
 
+@router.get("/email/verification-status")
+async def get_verification_status(
+    db: Annotated[AsyncSession, Depends(get_db)]
+):
+    """Check if email verification is enabled on the platform."""
+    enabled = await SettingsManager.get("email_verification_enabled", db, default=True)
+    return {"enabled": enabled}
+
+
 @router.post("/email/send-verification")
 @limiter.limit("3/minute")
 async def send_verification_email(
@@ -603,6 +613,13 @@ async def send_verification_email(
     db: Annotated[AsyncSession, Depends(get_db)]
 ):
     """Send an email verification link to the current user."""
+    verification_enabled = await SettingsManager.get("email_verification_enabled", db, default=True)
+    if not verification_enabled:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Email verification is currently disabled"
+        )
+
     if current_user.email_verified_at is not None:
         raise HTTPException(
             status_code=status.HTTP_400_BAD_REQUEST,