Add email-change permission validation for linked members

Only admins or the linked user may change a linked member's email.
- New validation EmailChangePermission (uses Actor.admin?, Loader.get_linked_user).
- Register on Member update_member; docs and gettext.

lib/membership/member.ex

@@ -25,6 +25,7 @@ defmodule Mv.Membership.Member do
   - Postal code format: exactly 5 digits (German format)
   - Date validations: join_date not in future, exit_date after join_date
   - Email uniqueness: prevents conflicts with unlinked users
+  - Linked member email change: only admins or the linked user may change a linked member's email (see `Mv.Membership.Member.Validations.EmailChangePermission`)
 
   ## Full-Text Search
   Members have a `search_vector` attribute (tsvector) that is automatically
@@ -381,6 +382,9 @@ defmodule Mv.Membership.Member do
     # Validates that member email is not already used by another (unlinked) user
     validate Mv.Membership.Member.Validations.EmailNotUsedByOtherUser
 
+    # Only admins or the linked user may change a linked member's email (prevents breaking sync)
+    validate Mv.Membership.Member.Validations.EmailChangePermission, on: [:update]
+
     # Prevent linking to a user that already has a member
     # This validation prevents "stealing" users from other members by checking
     # if the target user is already linked to a different member