QA Release: iMail Rebrand, Improved Mail Sharing, and Permission-Aware Page Access

This QA batch bundles several frontend improvements ahead of testing: the product is rebranded to Datagain iMail (new title, description, logo, and favicon), the in-system mail sharing dialog gains backend-driven priority and deadline options, and key pages (Admin Hub, Batches) now redirect users who lack permission back to their inbox. It also includes a round of UI polish for share recipients, bulk-action menus, and table selection, plus internal cleanup.

The app still carried generic "Document Mail System" branding and a placeholder favicon, which is not client-ready. The mail sharing experience used hardcoded priority levels rather than the values the backend actually expects, and several module pages rendered fully even for users without the required permission. Bulk-action menus and selection checkboxes also behaved inconsistently across grids.

• Consistent Datagain iMail branding appears in the browser tab title, description, favicon, and app logo.
• When sharing mail inside the system, users pick from accurate, module-specific priority options and can set a deadline, reducing mis-tagged shares.
• Users who open a page they are not permitted to see (e.g. Admin Hub or Batches) get a clear "no permission, redirecting to your inbox" message instead of a broken or unauthorized view.
• Cleaner, more uniform share-recipient cards, action dropdowns, and table row selection across mail and document grids.

Batch of feature/fix PRs promoted to QA. Notable items grounded in the diff:

• Rebrand (#531): new src/constants/branding.ts (APP_TITLE = "Datagain iMail", description); app/layout.tsx metadata, favicon, and PWA manifest.json updated to the new logo assets; new Cortex/iMail logo PNGs.
• Permission-aware redirects (#540): new useUnauthorizedRedirect hook + AppRoute route constants; wired into AdminPageLayout, BatchesModulePage, and InboxPageLayout to defer-redirect denied users to the inbox.
• Mail sharing (#524/#525): ShareWithinSystemDialog reworked (+408/-150) to fetch priorities via useGetModulePriorities using new type-safe MODULE_NAMES constants, add priority/deadline fields, memoize entity selection, and reset state on close; MailSharingDetails simplified to read sharing_details directly; large cleanup of types/mail.type.ts and removal of dead mail services/queries.
• UI uniformity (#526/#528): bulk-actions.tsx overflow menu widths unified with a typed className helper; table.tsx/data-grid.tsx selection-cell padding and click target standardized.
• Other: duplicate mail-detail tab prevention (#530); documents sidebar fix (#539); a revert (#536); removed mock public/mail_data.json and stray columns.tsx.tmp; added formatRelativeOrAbsolute date util; minor tsconfig/AGENTS.md doc tweaks.

Medium. The rebrand and root layout.tsx change (now async, seeding server-side session into the auth provider) touch global app shell, so a regression could affect every page. The new redirect hook gates high-traffic pages; an over-eager check could bounce legitimate users. Priorities now depend on a backend module-priorities API. Mitigation: changes are confined to QA for testing, redirects defer until permission loading completes, and the priority dropdown shows loading/disabled states while fetching.

• Verify tab title, favicon, and logo show Datagain iMail branding across light/dark themes and the installed PWA.
• As an authorized user, open Admin Hub and Batches normally; as an unauthorized user, confirm the "no permission, redirecting to your inbox" message and redirect.
• Share a mail within the system: confirm priority options load from the backend, deadline can be set, dialog resets on close, and sharing cannot be dismissed mid-submit.
• Check MailSharingDetails shows correct shared-by name, date, priority, and deadline.
• Confirm bulk-action overflow menus are uniform width and table row checkboxes/selection click targets work consistently in mail and document grids.
• Confirm opening mail details does not spawn duplicate tabs; confirm session/login still works after the layout/auth-provider change.