feat: decouple read FeedId from inbound MailboxId

Separate the two feed identities so the public read URL never reveals the
inbound address and vice-versa:

- FeedId becomes an opaque high-entropy token (read id + KV key); MailboxId
  (noun.noun.NN) owns the inbound address and the untrusted-input boundary
  via MailboxId.parse. They map only through the inbound:<mailbox> secondary
  index, resolved solely at reception.
- inbound index lifecycle is owned by FeedRepository: written by save/saveConfig,
  dropped by removeFromList(Bulk) — symmetric, never mirrored by hand (removes the
  manual delete in feed-service + the cron loop, and a silent empty-catch).
- Feed.mailboxId exposes a MailboxId VO (symmetry with Feed.id); the
  mailbox@domain shape lives on MailboxId.emailAddress(domain).
- Distinguish mailbox_unknown (no feed claims the address) from feed_not_found
  (dangling index) for observability; both forwardable, both 404.
- Drop the redundant EmailParser.extractMailbox pass-through so MailboxId.parse
  is the single parse boundary.

Docs (README/INSTALL/CLAUDE.md/landing) and tests updated; 439 tests green,
tsc clean, build dry-run OK.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

src/routes/admin.test.ts

@@ -168,6 +168,27 @@ describe("Admin Routes", () => {
         expect(feedConfig).toBeTruthy();
         expect((feedConfig as any).title).toBe("Test Feed");
         expect((feedConfig as any).description).toBe("Test Description");
+
+        // Two-id model: the feed id is an opaque read id; the inbound address is
+        // a separate noun.noun.NN mailbox, mapped via the inbound: index.
+        const mailboxId = (feedConfig as any).mailbox_id as string;
+        expect(mailboxId).toMatch(/^[a-z]+\.[a-z]+\.\d{2}$/);
+        expect(feedId).toMatch(/^[A-Za-z0-9_-]{22}$/);
+        expect(feedId).not.toBe(mailboxId);
+        expect((feedList?.feeds[0] as any).mailbox_id).toBe(mailboxId);
+        expect(
+          await mockEnv.EMAIL_STORAGE.get(`inbound:${mailboxId}`, "text"),
+        ).toBe(feedId);
+
+        // The dashboard shows the inbound address and the opaque feed URL,
+        // distinctly — and never exposes the address as a readable feed URL.
+        const dash = await request("/admin", {
+          headers: { Cookie: authCookie },
+        });
+        const html = await dash.text();
+        expect(html).toContain(`${mailboxId}@test.getmynews.app`);
+        expect(html).toContain(`/rss/${feedId}`);
+        expect(html).not.toContain(`/rss/${mailboxId}`);
       });
 
       it("should reject feed creation with missing title", async () => {
@@ -732,6 +753,15 @@ describe("Admin Routes", () => {
       it("lists attachments with download links on the email detail page", async () => {
         const authCookie = await loginAndGetCookie();
         const feedId = "detail-feed";
+        await mockEnv.EMAIL_STORAGE.put(
+          `feed:${feedId}:config`,
+          JSON.stringify({
+            title: "Detail Feed",
+            mailbox_id: "detail.feed.10",
+            language: "en",
+            created_at: 1,
+          }),
+        );
         const emailKey = `feed:${feedId}:1`;
         await mockEnv.EMAIL_STORAGE.put(
           emailKey,
@@ -769,6 +799,15 @@ describe("Admin Routes", () => {
       it("renders inline cid images in place and hides them from the attachments list", async () => {
         const authCookie = await loginAndGetCookie();
         const feedId = "detail-feed";
+        await mockEnv.EMAIL_STORAGE.put(
+          `feed:${feedId}:config`,
+          JSON.stringify({
+            title: "Detail Feed",
+            mailbox_id: "detail.feed.10",
+            language: "en",
+            created_at: 1,
+          }),
+        );
         const emailKey = `feed:${feedId}:3`;
         await mockEnv.EMAIL_STORAGE.put(
           emailKey,
@@ -814,6 +853,15 @@ describe("Admin Routes", () => {
       it("does not render an attachments section when the email has none", async () => {
         const authCookie = await loginAndGetCookie();
         const feedId = "detail-feed";
+        await mockEnv.EMAIL_STORAGE.put(
+          `feed:${feedId}:config`,
+          JSON.stringify({
+            title: "Detail Feed",
+            mailbox_id: "detail.feed.10",
+            language: "en",
+            created_at: 1,
+          }),
+        );
         const emailKey = `feed:${feedId}:2`;
         await mockEnv.EMAIL_STORAGE.put(
           emailKey,