feat(PROJ-30): Xapian → Manticore Search Migration

- internal/index/manticore.go: ManticoreTenantManager + manticoreIndex (RT-Indizes, CGO-frei)
- internal/index/index.go: TenantIndexer Interface (Xapian + Manticore)
- internal/index/tenant_worker.go: mgr-Typ auf TenantIndexer Interface
- internal/api/server.go: idxMgr auf TenantIndexer Interface
- config/config.go: IndexConfig.ManticoreDSN Feld
- cmd/archivmail/cmd_reindex.go: reindex Subkommando
- cmd/archivmail/main.go: Manticore-Branch + reindex Case
- go.mod: github.com/go-sql-driver/mysql v1.8.1
- update.sh: Manticore auto-install, CGO_ENABLED=0, config.yml migration, auto-reindex

fix(IMAP): TCP-Deadline-Wrapper für steckengebliebene Imports
fix(auth): Email-Claim in JWT für User-Isolation
fix(search): User-Isolation via sess.Email (fail-safe)
fix(ui): Admin-Login Auth-Cache, Logout-Redirect, IMAP-Polling-Resilienz

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

internal/auth/auth.go

@@ -22,6 +22,7 @@ import (
 type Session struct {
 	UserID     int64
 	Username   string
+	Email      string
 	Role       string
 	JTI        string // unique JWT ID
 	TenantID   *int64
@@ -193,6 +194,7 @@ func (m *Manager) issueToken(user *userstore.User) (string, *userstore.User, err
 
 	claims := jwt.MapClaims{
 		"sub":         user.Username,
+		"email":       user.Email,
 		"role":        user.Role,
 		"uid":         user.ID,
 		"jti":         jti,
@@ -338,6 +340,7 @@ func (m *Manager) ValidateToken(tokenStr string) (*Session, error) {
 	}
 
 	username, _ := claims["sub"].(string)
+	email, _ := claims["email"].(string)
 	role, _ := claims["role"].(string)
 
 	var userID int64
@@ -364,6 +367,7 @@ func (m *Manager) ValidateToken(tokenStr string) (*Session, error) {
 	return &Session{
 		UserID:   userID,
 		Username: username,
+		Email:    email,
 		Role:     role,
 		JTI:      jti,
 		TenantID: tenantID,