send-bill-approval-invites: forward Authorization on inner invoke

The supabase-js .functions.invoke() call from one edge function to
another doesn't reliably attach the apikey as Authorization, so the
inner send-transactional-email call was failing verify_jwt and
returning 401. Pass the service-role bearer header explicitly.

This is what was actually preventing bill-approval-vote-invite emails
from going out — every Notify Board flow logged 401s on the per-bill
sends, with zero rows ever landing in email_send_log for that template.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

supabase/functions/send-bill-approval-invites/index.ts

@@ -118,6 +118,10 @@ serve(async (req) => {
         const denyLink = `${reviewLink}&action=deny`;
 
         const { error: sendErr } = await admin.functions.invoke("send-transactional-email", {
+          // Explicit Authorization header — supabase-js doesn't reliably
+          // forward the service-role apikey when one edge function invokes
+          // another, so verify_jwt on the inner function returns 401.
+          headers: { Authorization: `Bearer ${serviceKey}` },
           body: {
             templateName: "bill-approval-vote-invite",
             recipientEmail: m.member_email,