Merge branch 'canary' into invite-user-with-initial-credentials

Resolve conflicts:
- Integrate credentials-based user provisioning with canary changes
- Use withPermission("member", "create") instead of adminProcedure
- Adopt standardSchemaResolver, inviteMember mutation, and custom roles from canary
- Restrict credentials flow to non-cloud environments

Author: Siumauricio

apps/dokploy/components/dashboard/settings/users/add-invitation.tsx

@@ -139,7 +139,7 @@ export const AddInvitation = () => {
 			if (data.mode === "credentials") {
 				await createUserWithCredentials({
 					email: data.email.toLowerCase(),
-					password: data.password,
+					password: data.password!,
 					role: data.role,
 				});
 				toast.success("User created with initial credentials");

packages/server/src/services/user.ts

@@ -405,7 +405,7 @@ export const createOrganizationUserWithCredentials = async ({
 	organizationId: string;
 	email: string;
 	password: string;
-	role: "member" | "admin";
+	role: string;
 }) => {
 	const normalizedEmail = email.trim().toLowerCase();
 	const now = new Date();