Cross-site navigation (e.g. email links) logs out authenticated users in 3.79.1

### Describe the Bug

Since 3.79.1, clicking a link to a Payload-authenticated route from an external source (such as email client or another site) causes login state to be lost on the first load.

This was likely introduced in #15751 and issue doesn't reproduce in 3.79.0 and earlier.

This probably happens because code doesn't handle `secFetchSite === 'navigate'` here: https://github.com/payloadcms/payload/blob/main/packages/payload/src/auth/extractJWT.ts#L46-L49

Suggested fix:                      

```
if (                                                                                                                                
  secFetchSite === 'same-origin' ||                                                                                               
  secFetchSite === 'same-site' ||
  secFetchSite === 'none' ||                                                                                                        
  secFetchMode === 'navigate'
) {                                                                                                                                 
  return cookieToken;                                                                                                             
}
```

### Link to the code that reproduces this issue

https://github.com/avee87/payload-cross-site-navigation-issue

### Reproduction Steps

With setup from https://github.com/avee87/payload-cross-site-navigation-issue:
* Go to http://localhost:3000/admin and log into account
* Verify that http://localhost:3000/logged-in opens correctly
* Email yourself a link to http://localhost:3000/logged-in and open with an email client (i.e., Gmail) in the same browser
* Observe that clicking the link lands on http://localhost/login

### Which area(s) are affected?

area: core

### Environment Info

```text
Binaries:
  Node: 24.14.0
  npm: 11.9.0
  Yarn: N/A
  pnpm: 10.32.1
Relevant Packages:
  payload: 3.80.0
  next: 16.2.0
  @payloadcms/db-sqlite: 3.80.0
  @payloadcms/drizzle: 3.80.0
  @payloadcms/graphql: 3.80.0
  @payloadcms/next/utilities: 3.80.0
  @payloadcms/richtext-lexical: 3.80.0
  @payloadcms/translations: 3.80.0
  @payloadcms/ui/shared: 3.80.0
  react: 19.2.4
  react-dom: 19.2.4
Operating System:
  Platform: darwin
  Arch: arm64
  Version: Darwin Kernel Version 24.6.0: Wed Nov  5 21:32:56 PST 2025; root:xnu-11417.140.69.705.2~1/RELEASE_ARM64_T8103
  Available memory (MB): 16384
  Available CPU cores: 8
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Cross-site navigation (e.g. email links) logs out authenticated users in 3.79.1 #16031

Describe the Bug

Link to the code that reproduces this issue

Reproduction Steps

Which area(s) are affected?

Environment Info

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Cross-site navigation (e.g. email links) logs out authenticated users in 3.79.1 #16031

Description

Describe the Bug

Link to the code that reproduces this issue

Reproduction Steps

Which area(s) are affected?

Environment Info

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions