fix: hide bounty admin actions and stop subdomain handle oracle

[ElizaBackrooms]

Summary

• [UI Bug] Unauthorized 'Edit' and 'Delete' buttons visible on /bounties page #238 — Hide Edit Amount and Delete on org bounty rows unless the viewer is an org :admin or :mod (backend already blocked these; UI now matches).
• subdomain Enumaration via side channel alerting security bug which is critical #201 — Remove the critical Discord/email alert fired when {handle}.algora.io matches a real user handle, which let attackers enumerate valid handles via a side channel.

Test plan

• Log in as a non-admin org member and confirm bounty admin buttons are hidden on /{org}/bounties.
• Log in as org admin/mod and confirm buttons still appear and work.
• Visit {valid-handle}.algora.io and confirm redirect still works without firing a critical alert.
• Visit {invalid-handle}.algora.io and confirm behavior is unchanged for unknown handles.

Closes #238
Closes #201

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.

---

Francisco Lopez seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}