feat(user): enhance email handling with validation and normalization functions

- Introduced `looksLikePlausibleEmail` to validate email format, ensuring only plausible addresses are processed.
- Added `normalizeEmailCandidate` to standardize email input, returning null for invalid formats.
- Updated `decodeEncryptedBlob` to utilize normalization functions for both UTF-8 and hex formats, improving email decryption reliability.
- Adjusted `SettingsService` to ensure email is set after merging adult access state, maintaining data integrity.

backend/services/settingsService.js

@@ -426,11 +426,12 @@ class SettingsService extends BaseService{
             
             const adultAccess = await this.getAdultAccessStateByUserId(user.id);
 
+            /* adultAccess zuletzt mergen, email danach setzen — nie von anderen Payload-Feldern überschreiben */
             return {
                 username: user.username,
-                email: email,
                 showinsearch: user.searchable,
-                ...adultAccess
+                ...adultAccess,
+                email,
             };
         } catch (error) {
             console.error('Error getting account settings:', error);