add persistent email session for order lookup and reviews

Replaces the short-lived (1 hour) session-based order lookup with a
persistent cookie-based email session lasting 30 days. This foundation
enables customers to leave reviews and view orders without re-verifying
their email each time.

- Add EmailSession module for signed cookie management
- Add EmailSession plug to load verified email into session
- Set email session on order lookup verification
- Set email session on checkout completion (via /checkout/complete)
- Update orders and order detail pages to use email session
- Add reviews system plan document

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

lib/berrypod_web/controllers/order_lookup_controller.ex

@@ -1,6 +1,7 @@
 defmodule BerrypodWeb.OrderLookupController do
   use BerrypodWeb, :controller
 
+  alias Berrypod.EmailSession
   alias Berrypod.Orders
   alias Berrypod.Orders.OrderNotifier
 
@@ -44,7 +45,7 @@ defmodule BerrypodWeb.OrderLookupController do
     case Phoenix.Token.verify(BerrypodWeb.Endpoint, @salt, token, max_age: @max_age) do
       {:ok, email} ->
         conn
-        |> put_session(:order_lookup_email, email)
+        |> EmailSession.put_session(email)
         |> redirect(to: R.orders())
 
       {:error, :expired} ->