Bot creating duplicated GitHub issues in keycloak-private when receiving e-mails from secalert

[abstractj]

This commit fixes duplicate GitHub issue creation in keycloak-private when the bot receives SecAlert reply emails. The root cause: SecAlert replies arrive from a different email address than the one used for initial contact, and they use a different Gmail thread ID — so the bot couldn't correlate replies back to the original issue and created duplicates.

Current changes:

1. #GHI- subject tag — When sending the initial email to SecAlert, the bot now appends #GHI-42 to the subject line. SecAlert replies preserve this tag, giving the bot a reliable way to find the original issue by parsing the reply subject.
2. SecAlert-Thread-ID recording — Instead of writing the thread ID marker immediately when sending, the bot now records it lazily when the first reply from secalert arrives. This captures SecAlert's thread ID (not ours), which is the one that actually appears in replies.
3. Split email configuration — secalert.email.to (for initial outreach) vs. secalert.email.reply-to (for matching incoming replies), since SecAlert uses different addresses for inbound vs. outbound.

AI Disclosure

This pull request contains code generated or assisted by Claude.

• Review: I have manually reviewed and verified every line of the AI-generated logic to ensure it adheres to Keycloak coding standards.
• Testing: I have validated these changes through local verification and confirmed they correctly address the issue.
• Accountability: I take full responsibility for this contribution and can explain the implementation details without further AI assistance.

Closes #69