### fix: verbessere CORS-Handling und UI-Markierungen

- **Caddyfile:** Ersetze `Access-Control-Allow-Origin` durch `*`, entferne `Access-Control-Allow-Credentials`, füge `Access-Control-Expose-Headers` hinzu.
- **GlobalSecurityConfig:** Lockere `allowedOrigins`, `allowedOriginPatterns` und `exposedHeaders` auf `*`, setze `allowCredentials` auf `false`.
- **MailServiceApplication:** Passe CORS-Mapping durch `allowedOrigins` und `allowCredentials` an.
- **UI:** Aktualisiere Versionsmarker auf `v2026-04-23.26 - NUCLEAR CORS v2`.

backend/infrastructure/security/src/main/kotlin/at/mocode/infrastructure/security/GlobalSecurityConfig.kt

@@ -81,23 +81,13 @@ class GlobalSecurityConfig {
   @Bean
   fun corsConfigurationSource(): CorsConfigurationSource {
     val configuration = CorsConfiguration()
-    configuration.allowedOrigins = listOf(
-      "https://app.mo-code.at",
-      "https://api.mo-code.at",
-      "http://localhost:8080",
-      "http://localhost:8083",
-      "http://localhost:8092",
-      "http://localhost:4000"
-    )
-    configuration.allowedOriginPatterns = listOf(
-      "https://*.mo-code.at",
-      "http://localhost:[*]"
-    )
+    configuration.allowedOrigins = listOf("*")
+    configuration.allowedOriginPatterns = listOf("*")
     configuration.allowedMethods = listOf("GET", "POST", "PUT", "DELETE", "OPTIONS", "HEAD")
     configuration.allowedHeaders = listOf("*")
-    configuration.exposedHeaders = listOf("Authorization", "Content-Type")
+    configuration.exposedHeaders = listOf("*")
     configuration.maxAge = 3600L
-    configuration.allowCredentials = true
+    configuration.allowCredentials = false
     val source = UrlBasedCorsConfigurationSource()
     source.registerCorsConfiguration("/**", configuration)
     return source