fix: allow logo endpoint without auth for <img> tag loading

Logo images are loaded via <img src> which doesn't carry auth cookies
reliably during login transitions. Changed from requireAuth to
optionalAuth — logos are not sensitive data.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
BOHA
2026-04-28 11:52:24 +02:00
parent 27cc876e82
commit d1c5234a03


@@ -1,6 +1,10 @@
import { FastifyInstance } from "fastify";
import prisma from "../../config/database";
import { requireAuth, requirePermission } from "../../middleware/auth";
import {
requireAuth,
requirePermission,
optionalAuth,
} from "../../middleware/auth";
import { logAudit } from "../../services/audit";
import { success, error } from "../../utils/response";
import multipart from "@fastify/multipart";
@@ -60,7 +64,7 @@ export default async function companySettingsRoutes(
await fastify.register(multipart, { limits: { fileSize: 5 * 1024 * 1024 } });
// GET /api/admin/company-settings/logo?variant=light|dark
fastify.get("/logo", { preHandler: requireAuth }, async (request, reply) => {
fastify.get("/logo", { preHandler: optionalAuth }, async (request, reply) => {
const query = request.query as Record<string, string>;
const variant = query.variant === "dark" ? "dark" : "light";
const column = variant === "dark" ? "logo_data_dark" : "logo_data";
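Review bot: The `/logo` route on the new `fastify.get("/logo", { preHandler: optionalAuth }, ...)` line is now reachable without a session, yet the comment above it still shows the `/api/admin/...` path and nothing records that this is intentional. I would add a comment above the route such as `// PUBLIC: served without a session for <img> tags; must only ever return logo bytes` so that a later edit does not widen what anonymous callers can read. The `variant` handling visible here maps the query value onto two fixed column names, which keeps the lookup safe from caller-controlled column selection. The handler body continues outside the hunk, so please confirm that it no longer relies on the identity `requireAuth` used to guarantee, and that it serves the blob with an image-only content type. Since uploads are allowed up to 5 MB, a `Cache-Control` header or a rate limit on this route would keep repeated anonymous requests from each pulling the blob from the database.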