fix(PROJ-51): retain_until_source nicht für Endbenutzer, WARN-Status in CLI

- search_handlers.go: retain_until_source wird nur noch an Rollen != user
  ausgegeben, um interne Archivierungsregel-IDs nicht an normale
  Endbenutzer zu exponieren
- cmd_status.go: archivmail status zeigt [WARN] statt [OK] wenn Detail
  mit "WARNUNG" beginnt (z.B. PROJ-51 Retention-Check); Exit-Code/r.OK
  bleibt unverändert

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

cmd/archivmail/cmd_status.go

@@ -66,6 +66,11 @@ func runStatus(args []string) {
 			status := "OK"
 			if !r.OK {
 				status = "FEHLER"
+			} else if strings.HasPrefix(r.Detail, "WARNUNG") {
+				// Non-fatal but GoBD-relevant (e.g. PROJ-51 retention check):
+				// reflect the warning in the status label without affecting
+				// the exit code (r.OK stays true).
+				status = "WARN"
 			}
 			if r.Latency != "" {
 				fmt.Printf("[%-6s] %-12s %s (%s)\n", status, r.Name, r.Detail, r.Latency)

internal/api/search_handlers.go

@@ -326,13 +326,15 @@ func (s *Server) handleGetMail(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// PROJ-51: retention lock + its source for auditor traceability.
+	// The source (e.g. "rule:<id>") exposes internal archiving-rule IDs and is
+	// therefore only included for roles that may manage/audit those rules.
 	var retainUntil interface{} = nil
 	var retainSource interface{} = nil
 	if until, source, rerr := s.store.GetRetentionInfo(r.Context(), id); rerr == nil {
 		if until != nil {
 			retainUntil = until.UTC().Format(time.RFC3339)
 		}
-		if source != "" {
+		if source != "" && sess.Role != userstore.RoleUser {
 			retainSource = source
 		}
 	}