QA Promotion: Mark-All Notifications, Cross-Platform Upload & Grid Display Fixes

This release promotes a batch of frontend improvements to the QA environment, bundling roughly a dozen feature and fix pull requests. Highlights include a one-click "mark all notifications as read" action, broader Windows/Mac compatibility for ZIP uploads, consistent data-grid styling with multi-value badges, and several modal and drawer interaction fixes.

Several usability and cross-platform gaps had accumulated on the development branch and needed consolidated QA validation before reaching users. Notification management was tedious without a bulk action, Windows users hit ZIP upload rejections and a drawer that could lock page interaction, grids displayed inconsistent styling and raw/empty values, and some upload and address modals had broken scrolling or editable fields that should have been read-only.

• Users can clear their notification backlog in one click via "mark all as read," with an option to view only unread items.
• Windows and Mac users can reliably upload ZIP archives that browsers report under platform-specific MIME types.
• Data grids (folders, batches, documents, mail, inbox) render multi-value fields as readable badges and show a dash for empty values, improving scannability.
• Resolved a Windows issue where opening "View Details" could leave the page unclickable, plus restored scrolling in upload/document modals.
• Excel (XLSX) export is now available directly from bulk-action toolbars across batches, documents, and mail/inbox grids.

Batch promotion of dev into qa (PR #572), bundling notable feature PRs:

• Notifications (#560, #566): New markAllNotificationsAsRead service hitting /v1/notifications/read/all, TanStack mutation with centralized error toasts (backend detail surfaced when present), an "only unread" filter, and a dropdown reopen-on-toggle fix via useOutsideClick ignored-refs and forwardRef on the notification button.
• Grid display (#561): New shared normalizeArrayValues helper (src/utils/array.helpers.ts) converting string/number/object arrays to badge-friendly labels; standardized grid theme, badge variant (bg-primary/10), null/empty dash placeholders, and a deadline datetime column.
• Windows compatibility (#556, #565): ZIP MIME types application/x-zip-compressed, multipart/x-zip, application/x-compressed plus extension fallback in fileValidation.ts; new clearStaleInteractivityLocks (src/utils/dom.utils.ts) that strips orphaned react-remove-scroll block-interactivity-* classes, plus a non-modal grid drawer.
• Modals (#550, #551, #555, #570, #571, #567): Restored modal scrollbars/scroll padding, disabled API-selected address fields, bulk department/user assignment refactor, controlled XLSX export modal triggered from bulk actions, and bulk-actions overflow menu repositioning.
• Config/docs (#563): useSecureCookies gated to production in auth.ts (ngrok dev compatibility) and an AGENTS.md cross-browser/cross-platform guideline (cn over clsx).

Moderate and broad: changes touch shared grid columns, modal/drawer primitives (sheet, bulk-actions), and notification flows across many screens, so regressions could surface widely. The DOM interactivity-lock cleanup manipulates body classes directly and depends on react-remove-scroll internals. Mitigation: this is a QA-stage promotion intended for full regression before production; the auth useSecureCookies change is environment-gated to production only, and changes are largely additive with shared helpers reducing duplication.

• Mark all notifications as read; confirm counts/badge update, "only unread" filter behaves, and error toast appears on failure.
• Toggle the notification bell repeatedly; verify the dropdown does not reopen unexpectedly and closes on outside click.
• On Windows, upload .zip files and confirm acceptance; open "View Details" drawer then close and confirm the page remains clickable.
• Verify grids (folders, batches, documents, mail, inbox) show multi-value badges, dash for empty cells, and consistent styling.
• Scroll upload/document/batch/address modals to confirm scrollbars work; confirm API-selected address fields are read-only.
• Trigger XLSX export from bulk-action toolbars on batches, documents, and mail/inbox and verify downloads.
• Smoke-test login/SSO to confirm auth still works after the cookie config change.