fix(security): use session email directly instead of extra DB query

Addresses PR review feedback — align with the workspace invitation
route pattern by using session.user.email instead of re-fetching
from the database.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: waleedlatif1

apps/sim/app/api/organizations/[id]/invitations/[invitationId]/route.ts

@@ -62,13 +62,8 @@ export async function GET(
     }
 
     // Verify caller is either an org member or the invitee
-    const userData = await db
-      .select({ email: user.email })
-      .from(user)
-      .where(eq(user.id, session.user.id))
-      .then((rows) => rows[0])
-
-    const isInvitee = userData && userData.email.toLowerCase() === orgInvitation.email.toLowerCase()
+    const isInvitee =
+      session.user.email?.toLowerCase() === orgInvitation.email.toLowerCase()
 
     if (!isInvitee) {
       const memberEntry = await db