feat: add email status check to verify page

Security Enhancement:
- Server-side validation of email status before allowing verification
- Only allow verifying emails in VerificationPending state
- Show "Action not possible" message for invalid states
- Extract and validate share-id on server side
- Return 404 for invalid share-ids or missing tenant emails

Implementation:
- Convert page.tsx to async server component
- Fetch location and check tenantEmailStatus
- Pass isPending prop to client component
- Add bilingual "not-allowed" translations (same as unsubscribe page)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

web-app/app/[locale]/email/verify/[id]/EmailVerifyPage.tsx

@@ -7,9 +7,10 @@ import { CheckCircleIcon } from '@heroicons/react/24/outline';
 
 interface EmailVerifyPageProps {
     shareId: string;
+    isPending: boolean;
 }
 
-export default function EmailVerifyPage({ shareId }: EmailVerifyPageProps) {
+export default function EmailVerifyPage({ shareId, isPending }: EmailVerifyPageProps) {
     const t = useTranslations('email-verify-page');
     const [isVerifying, setIsVerifying] = useState(false);
     const [isVerified, setIsVerified] = useState(false);
@@ -61,6 +62,17 @@ export default function EmailVerifyPage({ shareId }: EmailVerifyPageProps) {
         );
     }
 
+    if (!isPending) {
+        return (
+            <div className="card bg-base-100 shadow-xl max-w-2xl mx-auto mt-8">
+                <div className="card-body">
+                    <h2 className="card-title text-warning">{t('not-allowed.title')}</h2>
+                    <p>{t('not-allowed.message')}</p>
+                </div>
+            </div>
+        );
+    }
+
     return (
         <div className="card bg-base-100 shadow-xl max-w-2xl mx-auto mt-8">
             <div className="card-body">