fix: expose license status to unauthenticated /system-features callers

After force-logout due to license expiry, the login page calls
/system-features without auth. The license block was gated behind
is_authenticated, so the frontend always saw status='none' instead
of the actual expiry status. Split the guard so license.status and
expired_at are always returned while workspace usage details remain
auth-gated.

api/services/feature_service.py

@@ -361,11 +361,14 @@ class FeatureService:
             )
             features.webapp_auth.sso_config.protocol = enterprise_info.get("SSOEnforcedForWebProtocol", "")
 
-        if is_authenticated and (license_info := enterprise_info.get("License")):
+        # License status and expiry are always exposed so the login page can
+        # show the expiry UI after a force-logout (the user is unauthenticated
+        # at that point).  Workspace usage details remain auth-gated.
+        if license_info := enterprise_info.get("License"):
             features.license.status = LicenseStatus(license_info.get("status", LicenseStatus.INACTIVE))
             features.license.expired_at = license_info.get("expiredAt", "")
 
-            if workspaces_info := license_info.get("workspaces"):
+            if is_authenticated and (workspaces_info := license_info.get("workspaces")):
                 features.license.workspaces.enabled = workspaces_info.get("enabled", False)
                 features.license.workspaces.limit = workspaces_info.get("limit", 0)
                 features.license.workspaces.size = workspaces_info.get("used", 0)