feat(idenfy): apply Human ID KYC branding theme to token sessions

[calebtuttle]

What

Pass our iDenfy KYC branding theme UUID as the theme parameter on POST /api/v2/token so the hosted iDenfy verification UI renders with Human ID branding (colors + logo) instead of iDenfy's stock look.

Why

We recently shipped iDenfy in the gov-id and clean-hands flows, but the verify page still showed iDenfy's default branding. iDenfy's documented per-session override is the theme field (UUID from the dashboard Branding section); when omitted, iDenfy falls back to its built-in "Default" theme.

How

• Added module constant IDENFY_KYC_THEME_UUID in src/services/idenfy/token.ts.
• Added optional theme to CreateIdenfyTokenRequest (replaces the old TODO note about optional fields).
• Set theme: IDENFY_KYC_THEME_UUID in the token request body.

Both the gov-id and clean-hands flows funnel through createIdenfyToken, so this single change covers both. No frontend changes needed — the theme is baked into the session server-side at token mint time.

Notes / reviewer attention

• Prod + sandbox scope: the theme is sent on both live and sandbox token calls (the sandbox flag only switches API credentials, not the body). iDenfy themes are per-account, so this UUID must exist in both the live and sandbox iDenfy dashboards. If we want live-only, it's a one-line gate on the existing sandbox arg.
• Verification: generate one session and open the iframe to confirm the theme actually renders for the account in use.

Test plan

• Sandbox: create an iDenfy session, open the iframe, confirm Human ID colors/logo render.
• Confirm the theme UUID exists in both live and sandbox accounts (or decide to gate to live-only).

🤖 Generated with Claude Code