fix: Validate email addresses

[Mrtenz]

Some basic validation for email addresses.

---

Note

Medium Risk
Updates validateLink mailto handling to fail fast on malformed email strings (e.g., multiple @), which may change which links are accepted and how phishing checks are applied.

Overview
Tightens mailto: link validation in validateLink by requiring each email recipient to contain exactly one @ before extracting the domain for phishing-list checks.

Adds a unit test to ensure malformed emails like mailto:foo@bar.com@baz.com throw a clear parse error and do not invoke the phishing-list checker.

^{Reviewed by Cursor Bugbot for commit d178d8a. Bugbot is set up for automated code reviews on this repo. Configure here.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.58%. Comparing base (92ace80) to head (d178d8a).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #4005   +/-   ##
=======================================
  Coverage   98.58%   98.58%           
=======================================
  Files         427      425    -2     
  Lines       12408    12370   -38     
  Branches     1949     1949           
=======================================
- Hits        12232    12195   -37     
+ Misses        176      175    -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[FrederikBolding]

Can we re-use the result of email.split()?

[Mrtenz]

Yep!