Fix empty DEFAULT_FROM_EMAIL causing 'Invalid address' on outbound mail

When DEFAULT_FROM_EMAIL env var isn't set, it defaulted to an empty
string, causing every outbound email (receipts, payslips) to fail
with: Invalid address "".

Phase 1 removed the hardcoded Gmail fallback for security. The
cleanest restore — without reintroducing a secret default — is to
fall back to EMAIL_HOST_USER, which is already the authenticated
Gmail address we send AS. That address is always valid when SMTP
auth works, and it's already set on the VM (otherwise sending
would fail with an auth error instead).

Now:
  DEFAULT_FROM_EMAIL = os.getenv("DEFAULT_FROM_EMAIL", "") or EMAIL_HOST_USER

Verified locally: when DEFAULT_FROM_EMAIL is unset and EMAIL_HOST_USER
is 'test@example.com', DEFAULT_FROM_EMAIL resolves to the same address.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

config/settings.py

@@ -226,7 +226,13 @@ EMAIL_HOST_USER = os.getenv("EMAIL_HOST_USER", "")      # set on deploy platform
 EMAIL_HOST_PASSWORD = os.getenv("EMAIL_HOST_PASSWORD", "")  # set on deploy platform
 EMAIL_USE_TLS = os.getenv("EMAIL_USE_TLS", "true").lower() == "true"
 EMAIL_USE_SSL = os.getenv("EMAIL_USE_SSL", "false").lower() == "true"
-DEFAULT_FROM_EMAIL = os.getenv("DEFAULT_FROM_EMAIL", "")
+# === FROM-ADDRESS ===
+# Where outgoing emails appear to come from. If DEFAULT_FROM_EMAIL isn't
+# explicitly set, fall back to the Gmail address we authenticate as —
+# that's always a valid sender since it's the same account sending the email.
+# Without this fallback, emails fail with "Invalid address ''" if the
+# env var is missing, even though auth + SMTP are otherwise fine.
+DEFAULT_FROM_EMAIL = os.getenv("DEFAULT_FROM_EMAIL", "") or EMAIL_HOST_USER
 CONTACT_EMAIL_TO = [
     item.strip()
     for item in os.getenv("CONTACT_EMAIL_TO", DEFAULT_FROM_EMAIL).split(",")