feat(ST-507): persist email in updateProfileAction with Zod validation

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

actions/profile.ts

@@ -12,6 +12,7 @@ async function getSession() {
 }
 
 const profileSchema = z.object({
+  email: z.string().trim().email('Ongeldig e-mailadres').max(254).optional(),
   bio: z.string().max(160).optional(),
   bio_detail: z.string().max(2000).optional(),
 })
@@ -22,18 +23,32 @@ export async function updateProfileAction(_prevState: unknown, formData: FormDat
   if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
 
   const parsed = profileSchema.safeParse({
+    email: (formData.get('email') as string)?.trim() || undefined,
     bio: (formData.get('bio') as string) || undefined,
     bio_detail: (formData.get('bio_detail') as string) || undefined,
   })
   if (!parsed.success) return { error: parsed.error.flatten().fieldErrors }
 
+  try {
     await prisma.user.update({
       where: { id: session.userId },
       data: {
+        email: parsed.data.email ?? null,
         bio: parsed.data.bio ?? null,
         bio_detail: parsed.data.bio_detail ?? null,
       },
     })
+  } catch (err: unknown) {
+    if (
+      typeof err === 'object' &&
+      err !== null &&
+      'code' in err &&
+      (err as { code: string }).code === 'P2002'
+    ) {
+      return { error: 'Dit e-mailadres is al in gebruik' }
+    }
+    throw err
+  }
 
   revalidatePath('/settings')
   return { success: true }