Require signed auth for DWS email routes

[lawyered0]

Summary\n- require signed wallet auth headers for /email routes outside localnet\n- accept x-jeju-address (fallback x-wallet-address) but verify signature\n\n## Testing\n- not run (not requested)

[lawyered0]

Why this change: /email trusted x-wallet-address alone, so any caller could read or mutate someone else’s mailbox. This requires signed x-jeju-* headers in non-localnet while retaining localnet dev behavior.