FRE-681: Fix security review findings (3 HIGH, 3 MEDIUM, 2 LOW)

HIGH fixes:
- Access Token now used as PGP Passphrase: replaced session.AccessToken
  with session.MailPassphrase for all PGP operations
- Session stored encrypted in keyring and file (was plain JSON)
- Added checkAuthenticated() helper with IsAuthenticated() guard

MEDIUM fixes:
- Added MailPassphrase field to Session, collected during login
- Added email validation in LoginInteractive
- Added keyring cleanup on Logout
- Implemented RefreshToken with actual API call

LOW fixes:
- Added mutex to PGPKeyRing for thread safety
- Added ZeroPrivateKeyData() for memory cleanup
- Use net/mail.ParseAddress for proper recipient parsing
- Renamed internal/mail import to internalmail to avoid conflict

internal/mail/types.go

@@ -12,6 +12,11 @@ const (
 	FolderSpam  Folder = 5
 )
 
+const (
+	MessageTypeRegular = "0"
+	MessageTypeDraft   = "2"
+)
+
 func (f Folder) Name() string {
 	names := map[Folder]string{
 		FolderInbox: "Inbox",
@@ -48,10 +53,10 @@ type Message struct {
 }
 
 func (m *Message) Folder() Folder {
-	if m.Type == 2 {
+	if m.Type == int(FolderDraft) {
 		return FolderDraft
 	}
-	if m.Type == 3 {
+	if m.Type == int(FolderSent) {
 		return FolderSent
 	}
 	return FolderInbox