fix: bypass tenant scope in AttemptController::destroy - null quiz title caused 500 when admin deletes attempt

app/Http/Controllers/AttemptController.php

@@ -19,7 +19,9 @@ class AttemptController extends Controller
         $this->authorizeAdmin();
 
         $candidateName = $attempt->candidate->user->name;
-        $quizTitle = $attempt->quiz->title;
+        // Bypass tenant scope: admin may delete attempts for cross-tenant quizzes
+        $quiz = Quiz::withoutGlobalScopes()->find($attempt->quiz_id);
+        $quizTitle = $quiz?->title ?? "Quiz #{$attempt->quiz_id}";
 
         DB::transaction(function () use ($attempt, $candidateName, $quizTitle) {
             // Log the action