fix(privacy): remove exposed email data#2352

Merged
jeanduplessis merged 6 commits into main from fix/pentest-l2-email-exposure on May 7, 2026

Conversation

@jeanduplessis jeanduplessis commented Apr 13, 2026

Summary

Code-related pentest L2 email-exposure guardrails are tightened while preserving client-side conversion matching through hashed identifiers.

  • Replaced raw GTM dataLayer email and name values with normalized, unsalted SHA-256 hashes for authenticated users.
  • Added explicit email_sha256, name_sha256, and user_data_format: "sha256" dataLayer fields so downstream tags can distinguish the hashed contract.
  • Moved contributor champion personal email configuration to CONTRIBUTOR_CHAMPION_TEAM_EMAILS so source no longer stores personal email literals.
  • Added a production-source email literal guardrail test with explicit public role-alias and placeholder-domain allowlists.
  • Allowed placeholder subdomains such as mail.example.com and foo.bar.example.co.uk so tests block real personal email literals without rejecting common fixtures.

Verification

N/A — no manual UI verification; this is a code/test-only privacy guardrail change.

Visual Changes

N/A

Reviewer Notes

  • GTM dataLayer email and name keys are intentionally retained for the existing container variables, but now contain SHA-256 hashes rather than raw values.
  • Confirm the Meta/LinkedIn GTM tags consume pre-hashed values and do not double-hash them.
  • Unsalted SHA-256 identifiers remain pseudonymous personal data; this reduces raw exposure while preserving ad-platform matching.
  • Production/preview env should set CONTRIBUTOR_CHAMPION_TEAM_EMAILS for non-domain team emails that must stay excluded from contributor champion eligibility.
  • This PR targets code/dataLayer email exposure; it does not remove all analytics identification elsewhere.

Comment thread apps/web/src/lib/config.server.ts

kilo-code-bot Bot commented Apr 13, 2026

Code Review Summary

Status: 1 Issue Found | Recommendation: Address before merge

Overview

Severity    Count
CRITICAL    0
WARNING     1
SUGGESTION  0

Issue Details

WARNING

File: apps/web/src/lib/config.server.ts, line 29
Issue: Empty-string fallback lets a missing CONTRIBUTOR_CHAMPION_TEAM_EMAILS config reclassify internal contributors as external users.
Other Observations (not in diff)

No additional issues found outside the current PR diff.

Files Reviewed (7 files)
  • apps/web/src/components/DataLayerProvider.tsx - 0 issues
  • apps/web/src/lib/config.server.ts - 1 issue
  • apps/web/src/lib/contributor-champions/service.test.ts - 0 issues
  • apps/web/src/lib/contributor-champions/service.ts - 0 issues
  • apps/web/src/lib/data-layer-hashing.test.ts - 0 issues
  • apps/web/src/lib/data-layer-hashing.ts - 0 issues
  • apps/web/src/lib/email-literal-guardrail.test.ts - 0 issues

Reviewed by gpt-5.5-20260423 · 1,757,341 tokens

@jeanduplessis jeanduplessis force-pushed the fix/pentest-l2-email-exposure branch from feb3246 to 5ad8a9b on April 24, 2026 07:49
@jeanduplessis jeanduplessis merged commit 08f6fd8 into main May 7, 2026
13 checks passed
@jeanduplessis jeanduplessis deleted the fix/pentest-l2-email-exposure branch May 7, 2026 16:46