fix: EditDrawer correctly reads and labels unlisted privacy

- serve/server.py GET adds private:bool to the response (true when
  privacy is "unlisted" or legacy "private") so EditDrawer can read it
- edit/server.py GET: same fix for the single-user edit server
- EditDrawer: fall back to d.privacy if d.private is absent; rename
  "Private" toggle label to "Unlisted"

bincio/edit/server.py

@@ -407,7 +407,7 @@ async def get_activity(activity_id: str) -> JSONResponse:
         "gear": fm.get("gear", detail.get("gear") or ""),
         "description": body or fm.get("description") or detail.get("description") or "",
         "highlight": fm.get("highlight", detail.get("custom", {}).get("highlight", False)),
-        "private": fm.get("private", detail.get("privacy") == "private"),
+        "private": fm.get("private", detail.get("privacy") in ("private", "unlisted")),
         "hide_stats": fm.get("hide_stats", detail.get("custom", {}).get("hide_stats", [])),
         "images": images,
     })

bincio/serve/server.py

@@ -1236,7 +1236,11 @@ async def get_activity(
     user = _require_user(bincio_session)
     _check_id(activity_id)
     path = _require_owns(activity_id, user)
-    return JSONResponse(json.loads(path.read_text()))
+    detail = json.loads(path.read_text())
+    # Normalise for EditDrawer: add `private` bool so the drawer works regardless
+    # of whether the raw JSON uses the old "private" or the new "unlisted" value.
+    detail["private"] = detail.get("privacy") in ("private", "unlisted")
+    return JSONResponse(detail)
 
 
 @app.post("/api/activity/{activity_id}", response_model=ActivityEditResponse)