feat: add sender allowlist and injection detection

[aicayzer]

Summary

• Optional sender allowlist via GMAIL_ALLOWED_SENDERS env var — when set, only listed addresses are processed
• Prompt injection detection for emails from unknown senders — common injection patterns are detected and skipped
• HTML body extraction fallback — many emails lack a text/plain part

Why

Email is the only NanoClaw channel where arbitrary actors can send content to the agent. A sender allowlist provides a security boundary; injection detection adds defence in depth. Both are opt-in with no breaking changes.

Details

• GMAIL_ALLOWED_SENDERS: comma-separated list (e.g. alice@example.com,bob@example.com). When unset, all emails are processed (current behaviour preserved)
• Trusted senders (in the allowlist) bypass injection detection — they may discuss technical topics matching patterns
• Suspicious emails are logged and marked as read without processing
• HTML fallback strips tags as a simple extraction when no plain text part exists