feat(api): explicit enable toggle for WiFi password endpoint

Previously the API was implicitly active whenever a token existed.
Now there's an explicit unifi.api.enabled setting that gates it:

* WifiApiController returns 503 ("API disabled") when the setting is
  off, even if a valid token is presented. Stops the endpoint from
  silently working if a token is lying around.
* Settings page exposes the toggle under the Rotate-WiFi-Passwords
  block. With it off, the token / URL / curl example are hidden.
* The form submit handles the new api_enabled boolean.

v1.6.3.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

src/Http/Controllers/WifiApiController.php

@@ -15,6 +15,10 @@ class WifiApiController extends Controller
 {
     public function currentPassword(Request $request)
     {
+        if (! Setting::get('unifi.api.enabled')) {
+            return response()->json(['error' => 'API disabled'], 503);
+        }
+
         $expected = Setting::get('unifi.api_token');
         if (! $expected) {
             return response()->json(['error' => 'API token not configured'], 503);