feat(api): return 403 when attempting to remove last owner

Handle edge case where removing a member would leave an organization
without any owners. Service layer raises ValueError for this scenario,
which the API endpoint catches and converts to a forbidden response
with actionable error message about transferring ownership.

gatehouse_app/services/organization_service.py

@@ -379,6 +379,15 @@ class OrganizationService:
             logger.debug(f"[Org] Member removal: org_id={org.id}, user_id={user_id}, found={member is not None}")
 
         if member:
+            if member.role == OrganizationRole.OWNER:
+                owner_count = OrganizationMember.query.filter(
+                    OrganizationMember.organization_id == org.id,
+                    OrganizationMember.role == OrganizationRole.OWNER,
+                    OrganizationMember.deleted_at.is_(None),
+                    OrganizationMember.user_id != user_id,
+                ).count()
+                if owner_count < 1:
+                    raise ValueError("Cannot remove the only owner from an organization. Transfer ownership first.")
             member.delete(soft=True)
 
             # Log member removal