Move email types to pkg/email for cloud repo access

Extracts Mailer interface, EmailData, and Button to pkg/email/types.go
so the cloud repo can use them via ServerContext. internal/email re-exports
the types as aliases so existing callers are unchanged. Also fixes
pre-existing lint errors (unchecked rollback and deadline calls).

internal/api/handlers_me.go

@@ -533,7 +533,7 @@ func (h *meHandler) DeleteAccount(w http.ResponseWriter, r *http.Request) {
 		writeError(w, http.StatusInternalServerError, "db_error", "failed to start transaction")
 		return
 	}
-	defer tx.Rollback(ctx)
+	defer func() { _ = tx.Rollback(ctx) }()
 
 	qtx := h.db.WithTx(tx)
 

internal/api/helpers_ws.go

@@ -43,14 +43,14 @@ type wsAuthMsg struct {
 // authenticated context. The caller must send this as the first message after
 // connecting.
 func wsAuthenticate(ctx context.Context, conn *websocket.Conn, jwtSecret []byte, queries *db.Queries) (auth.AuthContext, error) {
-	conn.SetReadDeadline(time.Now().Add(5 * time.Second))
+	_ = conn.SetReadDeadline(time.Now().Add(5 * time.Second))
 
 	var msg wsAuthMsg
 	if err := conn.ReadJSON(&msg); err != nil {
 		return auth.AuthContext{}, fmt.Errorf("read auth message: %w", err)
 	}
 
-	conn.SetReadDeadline(time.Time{}) // clear deadline
+	_ = conn.SetReadDeadline(time.Time{}) // clear deadline
 
 	if msg.Type != "auth" || msg.Token == "" {
 		return auth.AuthContext{}, fmt.Errorf("first message must be type 'auth' with a token")

internal/api/middleware_auth.go

@@ -96,4 +96,4 @@ func requireAPIKeyOrJWT(queries *db.Queries, jwtSecret []byte) func(http.Handler
 			writeError(w, http.StatusUnauthorized, "unauthorized", "X-API-Key or Authorization: Bearer <token> required")
 		})
 	}
-}
+}