goauthentik / authentik

The authentication glue you need.

Home Page:https://goauthentik.io


Policy Engine Modes are Mislabeled/Swapped

aureateflux opened this issue

Describe the bug
In the Flow stage bindings editor, the labels for the radio buttons that select the Policy Engine mode for that Stage appear to be swapped, so that selecting "Any" requires all policy bindings to match in order to execute the stage. Likewise, selecting "All" results in the "Any" behavior.

To Reproduce
Steps to reproduce the behavior:

  1. Go to Flows and select a Flow by clicking on its title.
  2. Click on 'Stage Bindings'.
  3. Expand one of the stages and add two or more policy bindings where it's possible for one or more policies to fail to match.
  4. Click 'Edit Binding' on the stage you added the policy bindings to.
  5. Select 'Any' under Policy Engine mode.
  6. Try a login where one of the policies would be true but the other would be false.

Expected behavior
Because the 'Any' policy engine mode was selected, it should execute the stage, since one of the policies returned true. Instead it fails to execute because it is really applying the 'All' mode. You can confirm this by going back and testing a login where both policies are true, which allows the stage to execute. Alternatively, you can select the 'All' mode radio button, and it will start executing the stage when only one of the policies is true.

Additional Context
In my case, for my MFA stage I had a policy that checked whether the user was on the local network and a second policy that checked whether the user was part of a specific group; both were negated so they would prevent the flow from requiring an MFA check if either was the case. When I logged in as the user that was in the group while on my network, MFA was not required. When I logged in as my admin user (not in the exempt group) while on my local network, MFA was required during login. When I logged in as the group user while not on my network, MFA was required when it shouldn't have been.

Version and Deployment (please complete the following information):

  • authentik version: 2024.4.2
  • Deployment: Unraid Docker
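The check the report relies on (one binding passes, one fails, so the stage's outcome reveals which mode the engine really applied) is easy to state as a small model. The following is an added example, not authentik's own code: `EngineMode`, `PolicyBinding`, `stage_executes` and `infer_mode` are hypothetical names, and the model assumes the documented semantics that "Any" executes the stage when at least one binding passes, "All" only when every binding passes, and that a binding's `negate` flag inverts its policy's result.

```python
"""Toy model of a stage binding's policy-engine evaluation (hypothetical,
not authentik's code). A stage carries several policy bindings, each of
which may be negated, and a mode deciding whether the stage executes when
*any* binding passes or only when *all* of them pass."""
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional


class EngineMode(Enum):
    ANY = "any"  # stage executes if at least one policy binding passes
    ALL = "all"  # stage executes only if every policy binding passes


@dataclass(frozen=True)
class PolicyBinding:
    name: str
    matched: bool          # raw result the policy returned for this login
    negate: bool = False   # binding flag that inverts the policy result

    def passes(self) -> bool:
        """Result of this binding after applying the negate flag."""
        return (not self.matched) if self.negate else self.matched


def stage_executes(mode: EngineMode, bindings: List[PolicyBinding]) -> bool:
    """Combine the binding results according to the engine mode."""
    results = [b.passes() for b in bindings]
    if not results:        # assumption: a stage with no bindings always runs
        return True
    if mode is EngineMode.ANY:
        return any(results)
    return all(results)


def infer_mode(bindings: List[PolicyBinding], stage_ran: bool) -> Optional[EngineMode]:
    """Given one observed login, report which mode the engine actually
    applied. Only a login where the bindings disagree (some pass, some fail)
    can tell the modes apart; otherwise return None."""
    results = [b.passes() for b in bindings]
    if all(results) or not any(results):
        return None
    return EngineMode.ANY if stage_ran else EngineMode.ALL


if __name__ == "__main__":
    # Constructed sample: the "one policy true, one false" login from the report.
    mixed = [PolicyBinding("policy-a", matched=True),
             PolicyBinding("policy-b", matched=False)]
    print("ANY:", stage_executes(EngineMode.ANY, mixed))   # True
    print("ALL:", stage_executes(EngineMode.ALL, mixed))   # False
    # The stage did not run on a mixed result, so the engine applied ALL.
    print("engine applied:", infer_mode(mixed, stage_ran=False))  # EngineMode.ALL
```

Only a login on which the bindings disagree is diagnostic: when both policies pass or both fail, "Any" and "All" produce the same outcome, which is why `infer_mode` returns `None` for those observations.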