add persistent email session for order lookup and reviews

Replaces the short-lived (1 hour) session-based order lookup with a
persistent cookie-based email session lasting 30 days. This foundation
enables customers to leave reviews and view orders without re-verifying
their email each time.

- Add EmailSession module for signed cookie management
- Add EmailSession plug to load verified email into session
- Set email session on order lookup verification
- Set email session on checkout completion (via /checkout/complete)
- Update orders and order detail pages to use email session
- Add reviews system plan document

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

lib/berrypod_web/live/shop/pages/order_detail.ex

@@ -16,7 +16,7 @@ defmodule BerrypodWeb.Shop.Pages.OrderDetail do
 
     socket =
       socket
-      |> assign(:lookup_email, session["order_lookup_email"])
+      |> assign(:lookup_email, session["email_session"])
       |> assign(:page, page)
 
     {:noreply, socket}

lib/berrypod_web/live/shop/pages/orders.ex

@@ -1,6 +1,9 @@
 defmodule BerrypodWeb.Shop.Pages.Orders do
   @moduledoc """
   Orders list page handler for the unified Shop.Page LiveView.
+
+  Uses the email session cookie (30 days) set during order lookup
+  verification or checkout completion.
   """
 
   import Phoenix.Component, only: [assign: 3]
@@ -8,7 +11,7 @@ defmodule BerrypodWeb.Shop.Pages.Orders do
   alias Berrypod.{Orders, Pages}
 
   def init(socket, _params, _uri, session) do
-    email = session["order_lookup_email"]
+    email = session["email_session"]
     page = Pages.get_page("orders")
 
     socket =