HIGH fixes:
- Access Token now used as PGP Passphrase: replaced session.AccessToken
with session.MailPassphrase for all PGP operations
- Session stored encrypted in keyring and file (was plain JSON)
- Added checkAuthenticated() helper with IsAuthenticated() guard
MEDIUM fixes:
- Added MailPassphrase field to Session, collected during login
- Added email validation in LoginInteractive
- Added keyring cleanup on Logout
- Implemented RefreshToken with actual API call
LOW fixes:
- Added mutex to PGPKeyRing for thread safety
- Added ZeroPrivateKeyData() for memory cleanup
- Use net/mail.ParseAddress for proper recipient parsing
- Renamed internal/mail import to internalmail to avoid conflict
- cmd/mail.go: Fix duplicate --body/--body-file flag binding (both used bodyFile)
- internal/mail/client.go: Add PGP encryption to Send via EncryptBody, add passphrase to MoveToTrash and SendDraft
- internal/mail/pgp.go: Store armored private key, add getUnlockedKeyRing helper,
fix Decrypt/SignData/EncryptAndSign/DecryptAttachment to use passphrase via key.Unlock
- internal/mail/pgp.go: Add EncryptBody method for Send encryption with sender key
- cmd/draft.go: Update SendDraft call to include passphrase parameter
