Force SSO for new sign-ups (closes #64)

[li-xinwei]

Summary

• Add PREVENT_NEW_LOCAL_PASSWORDS environment variable that controls whether local sign-ups are allowed
• When enabled, the sign-up page shows only Google and Snap! SSO buttons (no username/password form)
• When enabled, the sign-in page places SSO buttons at the top with the traditional password form below, so existing users can still log in
• Server-side guard in RegistrationsController prevents bypassing the UI restriction via direct POST
• No existing auth code is deleted — the local form is conditionally hidden to avoid upstream merge conflicts
• Uses the existing Feature toggle system (same pattern as reCAPTCHA)

Changes

• config/initializers/feature.rb — register :prevent_local_signups feature flag
• app/views/devise/registrations/new.html.haml — conditionally show SSO-only sign-up
• app/views/devise/sessions/new.html.haml — reorder SSO above password when flag active
• app/views/devise/shared/_sso_buttons.html.haml — new partial for Google + Snap! buttons
• app/controllers/registrations_controller.rb — block local sign-up POST when flag active
• dotenv.example — document the new environment variable

Test plan

• Set PREVENT_NEW_LOCAL_PASSWORDS=true and verify sign-up page shows only SSO buttons
• Verify sign-in page shows SSO buttons above the password form
• Verify direct POST to /accounts is rejected with redirect
• Without the env var, verify both pages behave exactly as before

Closes #64