refactor: enhance security and performance in configuration and API routes

- Update Content Security Policy (CSP) in next.config.ts to avoid `unsafe-eval` in production, improving security against XSS attacks.
- Refactor API routes to enforce admin authentication and session validation, ensuring secure access to sensitive endpoints.
- Optimize analytics data retrieval by using database aggregation instead of loading all records into memory, improving performance and reducing memory usage.
- Implement session token creation and verification for better session management and security across the application.
- Enhance error handling and input validation in various API routes to ensure robustness and prevent potential issues.

components/EmailManager.tsx

@@ -42,9 +42,11 @@ export const EmailManager: React.FC = () => {
   const loadMessages = async () => {
     try {
       setIsLoading(true);
+      const sessionToken = sessionStorage.getItem('admin_session_token') || '';
       const response = await fetch('/api/contacts', {
         headers: {
-          'x-admin-request': 'true'
+          'x-admin-request': 'true',
+          'x-session-token': sessionToken
         }
       });
       
@@ -100,10 +102,13 @@ export const EmailManager: React.FC = () => {
     if (!selectedMessage || !replyContent.trim()) return;
     
     try {
+      const sessionToken = sessionStorage.getItem('admin_session_token') || '';
       const response = await fetch('/api/email/respond', {
         method: 'POST',
         headers: {
           'Content-Type': 'application/json',
+          'x-admin-request': 'true',
+          'x-session-token': sessionToken,
         },
         body: JSON.stringify({
           to: selectedMessage.email,