feat: Add team settings management with configurable defaults and enhanced deletion protection

[Raafay-Qureshi]

Summary

Implements comprehensive team settings management functionality and enhances team deletion protection to prevent data loss from active resources.

Features Added

1. Team Settings Model

Created TeamSettings model with:

• Default Availability: Configurable time slots for each day of the week (Monday-Sunday)
• Email Templates: Customizable templates for interview invitations, reminders, cancellations, and team invitations with placeholder variables ({{candidateName}}, {{teamName}}, etc.)
• Interview Duration Defaults: Per-type durations (technical, behavioral, cultural, screening) with validation (15-480 minutes)
• Group Configuration: Settings for max group size (1-1000), member self-assignment, and join approval requirements

2. Team Settings API Endpoints

GET /api/teams/:id/settings

• Access: Team members (authenticated users in the team)
• Behavior: Auto-creates default settings if none exist
• Returns: Complete settings configuration

PUT /api/teams/:id/settings

• Access: Team admin only
• Behavior: Partial updates with deep merge for nested objects
• Validation: Zod schemas for all input fields
• Fix: Proper Mongoose document modification using markModified() to ensure persistence

3. Enhanced Team Deletion Protection

Updated DELETE /api/teams/:id to prevent deletion when:

• Active meetings exist (scheduled, confirmed, or rescheduled status)
• Active members exist (excluding the admin)
• Provides descriptive error messages with counts of blocking resources
• Cleans up team settings on successful deletion

Security & Validation

• JWT authentication required on all endpoints
• Role-based authorization (admin-only for modifications)
• Permission checks using PermissionChecker utility
• Zod validation for all request data:
  • Time format validation (HH:mm regex)
  • Numeric range validation (durations, group sizes)
  • Proper ObjectId validation

Testing

All endpoints tested manually via Postman:

• ✅ GET settings creates defaults on first access
• ✅ PUT settings performs partial updates correctly
• ✅ Deep merge works for nested objects (availability, templates)
• ✅ Validation rejects invalid data (time format, duration ranges)
• ✅ Authorization works (team members read, admin write)
• ✅ Team deletion blocked by active meetings
• ✅ Team deletion blocked by active members
• ✅ Settings deleted with team

Acceptance Criteria Met

• Admins can create, edit, and delete teams (already existed)
• Team settings can be configured and saved
• Team data validation works correctly
• Team listings and details are correctly displayed (already existed)
• Teams cannot be deleted if they have active schedules or members
• All team management endpoints are protected with proper authorization

Files Modified

• New: backend/src/models/teamSettings.ts - TeamSettings model
• Modified: backend/src/routes/teamRoutes.ts - Added settings endpoints and enhanced deletion

Closes #99