feat: Suggest to act on inactive users

[Furan05]

Related issue(s)

Closes #940.

Detects inactive users to help complying with the GDPR, suggests the
admin to anonymize or delete them, and optionally applies the action
automatically.

A user is considered inactive when they only have authorizations of
type user (or none at all), and their last activity (or creation
date if they never had any) is older than APP_USERS_INACTIVITY_TIME
months (default 12).

Three commits, each one self-contained:

1. Detection via UserRepository::findInactive(), relying on
   EntityEventRepository::findLastActivityAtForUser().
2. Display of an orange Inactive badge on the users index, plus
   a warning paragraph on the user profile suggesting to act.
3. Auto-cleanup in CleanDataHandler driven by
   APP_USERS_INACTIVITY_AUTO (none by default).

A few decisions worth flagging:

• Inactivity definition: I went with no EntityEvent produced for
  N months, with a fallback on User.createdAt. Felt the most
  semantically correct in a GDPR context. Open to your feedback.
• User::anonymize($name, ?self $by): signature relaxed from
  self to ?self to allow auto-anonymization from the handler
  (no authenticated user). The DB column was already nullable, this
  just aligns the PHP signature with the schema.
• Anonymization panel on the user edit page: added so the warning
  can link to a single page where both anonymize and delete are
  available. The existing modal entry in the show page Actions menu
  is untouched.

How to test manually

Pre-requisites:

• A user with no authorization (or only user authorizations) and
  whose createdAt is older than APP_USERS_INACTIVITY_TIME months
  (or set the variable to 1 in .env.local for faster tests).

Detection & display (Commit 2):

1. Go to /users. The inactive user shows an orange Inactive badge.
2. Open the user profile. A warning paragraph suggests to anonymize
   or delete them, linking to the edit page.
3. On the edit page, you should see two panels at the bottom:
   Anonymization (new) and Deletion (existing). Both trigger a
   native browser confirm popup on submit.
4. Confirm the anonymization → user is anonymized and you are
   redirected to the show page with the standard "anonymized by..."
   message.

Auto-cleanup (Commit 3):

1. In .env.local, set APP_USERS_INACTIVITY_TIME=1 and
   APP_USERS_INACTIVITY_AUTO=anonymize (or delete).
2. Trigger the CleanData message (either wait for the scheduler, or
   temporarily lower Schedule.php to every 1 minute).
3. Check the worker logs: [CleanData] N inactive user(s) anonymized
   (or deleted).
4. Verify in DB that the inactive users have anonymized_at set
   (or are removed if mode is delete).
5. Set APP_USERS_INACTIVITY_AUTO=banana and re-trigger: a warning
   is logged and no user is touched.

Reviewer checklist

• Code is manually tested
• Permissions / authorizations are verified
• New data can be imported
• Interface works on both mobiles and big screens
• Interface works in both light and dark modes
• Interface works on both Firefox and Chrome
• Accessibility has been tested
• Translations are synchronized
• Tests are up to date
• Copyright notices are up to date
• Documentation is up to date
• Pull request has been reviewed and approved