feat: obfuscate all email addresses and mailto links as HTML entities

Added EmailObfuscator class (src/EmailObfuscator.php) that converts
email addresses to HTML decimal entities (e.g. foo@...)
so browsers render them correctly but bots and scrapers see gibberish.

Methods:
- email($addr): obfuscate for display in HTML content
- mailto($addr): return obfuscated mailto: href
- obfuscateHtml($html): post-process rendered HTML to obfuscate all
  mailto: links (used after Parsedown/Markdown rendering)

Applied to:
- partage/index.php: mailto link at top + error scenarios via _flash_contact
  flag rendered in form.php (outside htmlspecialchars to avoid double-escape)
- admin/acces.php: request email mailto links
- admin/file-access.php: request email mailto links
- public/about.php: contact email mailto links
- public/tfe.php: author contact mailto links
- AboutController: Parsedown output post-processing
- LicenceController: Parsedown output post-processing
- Dispatcher::render(): require_once EmailObfuscator for all public views

Also fixed _flash_contact session flag in form.php partial to show
contact email line on share link validation errors (separate from
flash_error/warning to bypass htmlspecialchars double-escaping).

app/src/Controllers/LicenceController.php

@@ -3,6 +3,7 @@
 require_once APP_ROOT . '/src/Database.php';
 require_once APP_ROOT . '/src/Parsedown.php';
 require_once APP_ROOT . '/src/ErrorHandler.php';
+require_once APP_ROOT . '/src/EmailObfuscator.php';
 
 class LicenceController
 {
@@ -26,7 +27,7 @@ class LicenceController
 
         $pd = new Parsedown();
         $pd->setSafeMode(true);
-        $html = $pd->text($content);
+        $html = EmailObfuscator::obfuscateHtml($pd->text($content));
 
         return [
             'content'          => $content,