fix(featured-events): remove token gate from FeaturedEventsAPI

FeaturedEventsAPI had AllowAny permission but still called
validate_token_and_get_user(), causing it to return a token-required
error for unauthenticated requests from the desktop hero slider.

Removed the token check entirely — the endpoint is public by design.
Also tightened the queryset to event_status='published' to match
ConsumerFeaturedEventsView behaviour.

mobile_api/views/events.py

@@ -581,11 +581,7 @@ class FeaturedEventsAPI(APIView):
 
     def post(self, request):
         try:
-            user, token, data, error_response = validate_token_and_get_user(request)
-            if error_response:
-                return error_response
-
-            events = Event.objects.filter(is_featured=True).order_by('-created_date')
+            events = Event.objects.filter(is_featured=True, event_status='published').order_by('-created_date')
             event_list = []
             for e in events:
                 data_dict = model_to_dict(e)