fix(background-checks): remove employee PII from sessionStorage

Stop storing employeeName and employeeEmail in sessionStorage during
the Stripe billing redirect flow. Only requesterNotes (non-PII) is
persisted. After redirect, employeeName re-derives from the employee
prop and the email field resets to its default.

Resolves code-scanning alert #133 (clear text storage of sensitive
information).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: carhartlewis

apps/app/src/app/(app)/[orgId]/people/[employeeId]/components/EmployeeBackgroundCheck.tsx

@@ -191,8 +191,8 @@ export function EmployeeBackgroundCheck({
       }
 
       form.reset({
-        employeeName: pendingRequest.employeeName,
-        employeeEmail: pendingRequest.employeeEmail,
+        employeeName: form.getValues('employeeName') || employee.user.name || '',
+        employeeEmail: form.getValues('employeeEmail') || '',
         requesterNotes: pendingRequest.requesterNotes ?? '',
       });
       setBillingSetupComplete(true);

apps/app/src/app/(app)/[orgId]/people/[employeeId]/components/backgroundCheckForm.ts

@@ -8,9 +8,10 @@ export const backgroundCheckSchema = z.object({
 
 export type BackgroundCheckFormValues = z.infer<typeof backgroundCheckSchema>;
 
-const pendingBackgroundCheckSchema = backgroundCheckSchema.extend({
+const pendingBackgroundCheckSchema = z.object({
   memberId: z.string(),
   organizationId: z.string(),
+  requesterNotes: z.string().optional(),
 });
 
 export type PendingBackgroundCheckRequest = z.infer<typeof pendingBackgroundCheckSchema>;
@@ -65,8 +66,6 @@ export function writePendingBackgroundCheckRequest({
   const pendingRequest: PendingBackgroundCheckRequest = {
     organizationId,
     memberId,
-    employeeName: values.employeeName,
-    employeeEmail: values.employeeEmail,
     requesterNotes: values.requesterNotes,
   };
   window.sessionStorage.setItem(