feat(member-tools): nudge publisher/adtech org admins to populate brand.json properties

[bokelley]

Closes #4280

Summary

Adds a setup-alert nudge to the member dashboard for publisher and adtech org admins whose brand.json has zero properties. Empty properties create downstream discovery gaps: brand.json → property catalog → ad-agents.json delegation all depend on this data being populated.

The nudge appears when all of:

• Org is active member-tier and not a personal account
• Signed-in user has org.role of admin or owner
• org.billing.company_type is publisher or adtech
• profile.primary_brand_domain is set (brand-mapped)
• profile.resolved_brand.property_count is 0 or undefined
• User has not snoozed it in the last 7 days

Dismissing snoozes for 7 days via localStorage (keyed per org ID), after which it resurfaces if properties are still empty. This differs from the session-only sessionStorage dismissal used by the other setup alerts, which are either self-resolving (publish profile, add logo) or action-gated (pending join requests). The CSS.escape() fix on the existing querySelector in dismissSetupAlert is a pre-existing unsafe pattern corrected in this PR.

Non-breaking justification: adds a new client-side conditional branch in dashboard.html; no API changes, no schema changes, no existing behaviour altered.

Pre-PR review:

• code-reviewer: approved (2 iterations — isAdmin scope → org.role, snooze key mismatch → resolved with currentOrg?.id invariant, CSS.escape added)
• internal-tools-strategist: approved — no overbuild risk, localStorage snooze is the right pattern, org.role gate correct for per-org admin check

Triage-managed PR. This bot does not currently iterate on
review comments or PR conversation threads (only on the source
issue). To unblock:

• Push fixup commits directly: gh pr checkout <num> →
  fix → push.
• Or re-trigger: comment /triage execute on the source
  issue.

See #3121
for context.

Session: https://claude.ai/code/session_01BYkdrK3XyCwvkc6XAmLz74

---

Generated by Claude Code