fix(review): replace email fallback with [Unbekannt] in AuthorView — prevents CWE-359 leak

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/src/main/java/org/raddatz/familienarchiv/geschichte/GeschichteService.java

@@ -78,7 +78,7 @@ public class GeschichteService {
         if (author != null) {
             String displayName = ((author.getFirstName() != null ? author.getFirstName() : "")
                     + " " + (author.getLastName() != null ? author.getLastName() : "")).trim();
-            if (displayName.isBlank()) displayName = author.getEmail();
+            if (displayName.isBlank()) displayName = "[Unbekannt]";
             authorView = new GeschichteView.AuthorView(author.getId(), displayName);
         }
         return new GeschichteView(

backend/src/test/java/org/raddatz/familienarchiv/geschichte/GeschichteServiceTest.java

@@ -123,7 +123,7 @@ class GeschichteServiceTest {
     }
 
     @Test
-    void getById_author_displayName_falls_back_to_email_when_names_blank() {
+    void getById_author_displayName_falls_back_to_Unbekannt_when_names_blank() {
         authenticateAs(reader, Permission.READ_ALL);
         UUID id = UUID.randomUUID();
         Geschichte published = published(id);
@@ -133,7 +133,7 @@ class GeschichteServiceTest {
 
         GeschichteView result = geschichteService.getById(id);
 
-        assertThat(result.author().displayName()).isEqualTo("anon@test");
+        assertThat(result.author().displayName()).isEqualTo("[Unbekannt]");
     }
 
     @Test