InvitationStrategy

Controls how invitation tokens are generated and verified.

The default implementation generates a 64-character hex token using randomBytes(32) and verifies based on a configurable time window.

Custom implementations can use shorter/human-readable codes, add external SSO verification, or implement additional validation logic.