
OVERLEAF_NON_ADMIN_CAN_PUBLISH_TEMPLATES is read but never used in permission checks #43

@Musicminion

Bug Description

Setting OVERLEAF_NON_ADMIN_CAN_PUBLISH_TEMPLATES=true has no effect. Non-admin users still cannot see or use the "Publish as Template" option.

Root Cause

The environment variable is read and stored in Settings.templates.nonAdminCanManage at modules/template-gallery/index.mjs:23, but this setting is never referenced in the actual permission checks.

The two places that check template publish permissions both only allow admins or the specific template owner user (OVERLEAF_TEMPLATES_USER_ID):

  1. modules/template-gallery/app/src/PermissionsMiddleware.mjs:12 (API access control):

    const isAdminOrTemplateOwner = hasAdminAccess(user) || Settings.templates?.user_id === userId

  2. app/src/Features/Project/ProjectController.mjs:733 (editor UI visibility):

    const isAdminOrTemplateOwner = hasAdminAccess(user) || Settings.templates?.user_id === userId
    const showTemplatesServerPro = Features.hasFeature('templates-server-pro') && isAdminOrTemplateOwner

Neither location checks Settings.templates?.nonAdminCanManage.

Expected Behavior

When OVERLEAF_NON_ADMIN_CAN_PUBLISH_TEMPLATES=true, all logged-in users should be able to publish templates, not just admins and the template owner user.

Suggested Fix

Update both permission checks to also pass when nonAdminCanManage is true. For example:

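    // PermissionsMiddleware.mjs (API access control)
    const isAdminOrTemplateOwner = hasAdminAccess(user) || Settings.templates?.user_id === userId
    const canManage = isAdminOrTemplateOwner || Settings.templates?.nonAdminCanManage

    // ProjectController.mjs (editor UI visibility; canManage has to be computed in this file as well)
    const isAdminOrTemplateOwner = hasAdminAccess(user) || Settings.templates?.user_id === userId
    const canManage = isAdminOrTemplateOwner || Settings.templates?.nonAdminCanManage
    const showTemplatesServerPro = Features.hasFeature('templates-server-pro') && canManage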
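
Added example, not part of the original issue or the project's code: one way to stop the two checks from drifting apart is a single helper that both the API middleware and the UI flag call, and that still rejects sessions with no user. `canManageTemplates`, `parseNonAdminCanManage`, `makeEnsureCanManageTemplates`, the `isAdmin` field and the stand-in `hasAdminAccess` are assumptions, as is the strict `'true'` parsing, since the issue does not show how index.mjs converts the variable.

```javascript
// Added example: stand-ins for Overleaf internals are assumptions, not project code.

// Parse the env var strictly: only the literal string "true" enables the feature.
// (Assumption: the issue does not show how index.mjs converts the variable.)
function parseNonAdminCanManage(env) {
  return env.OVERLEAF_NON_ADMIN_CAN_PUBLISH_TEMPLATES === 'true'
}

// Hypothetical stand-in for the project's hasAdminAccess(user).
function hasAdminAccess(user) {
  return Boolean(user && user.isAdmin)
}

// Single decision point shared by the API middleware and the editor UI flag.
function canManageTemplates(user, settings) {
  const userId = user && user._id
  if (!userId) return false // no logged-in user: never allowed, whatever the flag says
  const templates = (settings && settings.templates) || {}
  if (hasAdminAccess(user)) return true
  // Require a configured owner id so undefined === undefined can never match.
  if (templates.user_id && templates.user_id === userId) return true
  return templates.nonAdminCanManage === true // strict: the string "false" must not pass
}

// Express-style middleware built on the shared decision.
function makeEnsureCanManageTemplates(settings, getSessionUser) {
  return function ensureCanManageTemplates(req, res, next) {
    if (canManageTemplates(getSessionUser(req), settings)) return next()
    res.statusCode = 403
    res.end()
  }
}

// UI flag derived from the same function as the API check.
function showTemplatesServerPro(user, settings, hasFeature) {
  return hasFeature('templates-server-pro') && canManageTemplates(user, settings)
}
```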

Labels: bug (Something isn't working)
