DDOC-1723: Clarify Custom Terms of Service scope for headless users

[kojimaru14]

Description

• Document which user types are subject to Managed Terms of Service, clarifying that service accounts and App Users (headless users) are exempt even when Custom ToS is enabled for managed users.
• Add server-authentication guidance for Terms of Service enforcement across JWT/CCG, As-User, user access tokens, and OAuth flows, including a programmatic acceptance recovery path.
• Update terms_of_service_required error guidance.

Fixes # (issue)
Re DDOC-1723

Changes

Terms of Service guides

• content/guides/security/terms-of-service/index.md — user-type table and Managed ToS scope
• content/guides/security/terms-of-service/flow.md — server auth / impersonation table and programmatic acceptance steps
• content/guides/security/terms-of-service/permissions.md — headless user criteria and As-User requirement for admin acceptance

API errors

• content/guides/api-calls/permissions-and-errors/common-errors.md — richer terms_of_service_required solution

Checklist

• [ y ] My code follows the style guidelines of this project
• [ y ] I have performed a self-review of my own changes
• [ y ] I have run yarn lint to make sure my changes pass all linters
• [ y ] I have pulled the latest changes from the upstream developer branch