add persistent email session for order lookup and reviews

Replaces the short-lived (1 hour) session-based order lookup with a
persistent cookie-based email session lasting 30 days. This foundation
enables customers to leave reviews and view orders without re-verifying
their email each time.

- Add EmailSession module for signed cookie management
- Add EmailSession plug to load verified email into session
- Set email session on order lookup verification
- Set email session on checkout completion (via /checkout/complete)
- Update orders and order detail pages to use email session
- Add reviews system plan document

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

lib/berrypod_web/controllers/checkout_success_controller.ex

@@ -0,0 +1,32 @@
+defmodule BerrypodWeb.CheckoutSuccessController do
+  @moduledoc """
+  Handles the redirect back from Stripe checkout.
+
+  This controller intercepts the Stripe redirect to set the email session
+  cookie before forwarding to the checkout success LiveView. This allows
+  customers to later view their orders and leave reviews without needing
+  to re-verify their email.
+  """
+
+  use BerrypodWeb, :controller
+
+  alias Berrypod.{EmailSession, Orders}
+
+  def show(conn, %{"session_id" => session_id}) do
+    # Look up the order to get the customer email
+    order = Orders.get_order_by_stripe_session(session_id)
+
+    conn =
+      if order && order.customer_email do
+        EmailSession.put_session(conn, order.customer_email)
+      else
+        conn
+      end
+
+    redirect(conn, to: R.checkout_success() <> "?session_id=#{session_id}")
+  end
+
+  def show(conn, _params) do
+    redirect(conn, to: R.home())
+  end
+end