fix: include role in organisation invite list/retrieve responses

[cloorc]

Thanks for submitting a PR! Please check the boxes below:

• I have read the Contributing Guide.
• I have added information to docs/ if required so people know about the feature.
• I have filled in the "Changes" section below.
• I have filled in the "How did you test this code" section below.

Changes

InviteSerializer (used by the create action of
/api/v1/organisations/{id}/invites/) exposes the invite's organisation
role, but InviteListSerializer (used by the list and retrieve
actions) omits it:

class InviteListSerializer(serializers.ModelSerializer):
    invited_by = UserListSerializer()

    class Meta:
        model = Invite
        fields = ("id", "email", "date_created", "invited_by", "permission_groups")
        #                                                       ^ no "role"

As a result, an invite created with role USER is returned with no role
field at all when listed or retrieved. API consumers (and the dashboard's
pending-invites UI) then have nothing to display and fall back to a default
of ADMIN, so a pending invite appears to have a different role than it was
created with. The role is persisted correctly — only the read path drops it.

This PR adds role to InviteListSerializer.fields so list/retrieve
responses report the persisted role, consistent with create and with
InviteLinkSerializer (which already exposes role). The change is purely
additive and backward compatible.

How did you test this code?

• Added test_list_invites__returns_role_for_each_invite, which creates one
  ADMIN and one USER invite and asserts the list endpoint returns the
  correct role for each.
• Extended test_retrieve_invite__valid_invite__returns_200 to assert the
  retrieve response includes role matching the invite.

Both new assertions fail against main (the field is absent) and pass with
this change.

[vercel]

@cloorc is attempting to deploy a commit to the Flagsmith Team on Vercel.

A member of the Team first needs to authorize it.