Guard no-JS file uploads: disabled filepond_mode by default, server-side fallback

The partage/admin form had a hardcoded filepond_mode=1 hidden input,
so without JavaScript the server always entered the FilePond async
path — which found no hex IDs and silently dropped all files.

Three-layer fix:
1. HTML: filepond_mode input starts disabled with value=0; JS enables
   it and sets value=1 on DOMContentLoaded (and after HTMX swaps).
   Disabled inputs aren't submitted → server gets no filepond_mode
   → naturally falls to legacy  path.
2. JS: enableFilepondMode() called on page load and hx:afterSwap so
   FilePond-enhanced forms always send filepond_mode=1.
3. Server (defense-in-depth): ThesisFileHandler::hasFilePondQueueData()
   scans POST['queue_file'] for 32-char hex IDs; ThesisCreateController
   and ThesisEditController use it alongside filepond_mode, so even if
   the flag somehow arrives without async upload IDs, the  path
   takes over.
Pontoporeia
2026-06-11 10:32:38 +02:00
parent 63e65d9856
commit 4b37a05be3
6 changed files with 61 additions and 7 deletions

@@ -147,7 +147,9 @@ $errorFieldName = $errorFieldName ?? null;
<?php endif; ?>
<form action="<?= $formAction ?>" method="post" enctype="multipart/form-data" class="admin-form" data-beforeunload-guard>
<input type="hidden" name="filepond_mode" value="1">
<!-- Default: JS-disabled mode (disabled → not submitted → server uses $_FILES path).
On DOMContentLoaded, JS enables this input and sets value="1" → server uses FilePond path. -->
<input type="hidden" name="filepond_mode" value="0" disabled>
<?= $hiddenFields ?>
<?php if (!$adminMode): ?>
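Review bot: On the added `<input type="hidden" name="filepond_mode" value="0" disabled>` line, the flag is still fully client-controlled, so the controllers should compare it strictly against "1" rather than testing for its presence. Otherwise a request in which the input is enabled but its value was never updated (filepond_mode=0) could still take the FilePond path and drop the files sent in $_FILES. The template comment also names only DOMContentLoaded, while the commit message says the input is enabled after HTMX swaps as well; mentioning both in the comment would keep the template in line with the JS.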