chore(email): stop admin notifications for registrations and activations

- Remove _send_registration_notification call on registration
- Remove first-activation admin notification on password reset
- Change MAIL_BCC default from maciej.pienczyn@inpi.pl to empty

Admin can still set MAIL_BCC via env if blanket BCC is desired.
All new member and password-reset info is visible in /admin panel.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

blueprints/auth/routes.py

@@ -224,19 +224,6 @@ def register():
 
             logger.info(f"New user registered: {email}")
 
-            # Send notification to admin about new registration
-            try:
-                company_name = company.name if company_id and company else None
-                _send_registration_notification({
-                    'name': name,
-                    'email': email,
-                    'company_nip': company_nip,
-                    'company_name': company_name,
-                    'is_norda_member': is_norda_member
-                })
-            except Exception as e:
-                logger.error(f"Failed to send registration notification: {e}")
-
             # Store email in session for success page
             session['registered_email'] = email
             return redirect(url_for('auth.registration_success'))
@@ -1198,26 +1185,10 @@ def reset_password(token):
                 user.verification_token_expires = None
                 logger.info(f"Email auto-verified via password reset for {user.email}")
 
-            # Notify admin if this is a first-time activation (user never logged in)
-            first_activation = user.last_login is None
-
             db.commit()
 
             logger.info(f"Password reset successful for {user.email}")
 
-            if first_activation:
-                try:
-                    import email_service
-                    email_service.send_email(
-                        to=['maciej.pienczyn@inpi.pl'],
-                        subject=f'Aktywacja konta: {user.name}',
-                        body_text=f'{user.name} ({user.email}) właśnie ustawił(a) hasło i aktywował(a) swoje konto w portalu Norda Biznes Partner.',
-                        email_type='admin_notification',
-                        bcc=[]
-                    )
-                except Exception as notify_err:
-                    logger.warning(f"Failed to send activation notification: {notify_err}")
-
             flash('Haslo zostalo zmienione. Mozesz sie teraz zalogowac.', 'success')
             return redirect(url_for('login'))
 

email_service.py

@@ -164,9 +164,9 @@ def send_email(
     if isinstance(to, str):
         to = [to]
 
-    # Default BCC from env var — admin gets a copy of every email
+    # Default BCC from env var (empty by default — no admin copies)
     if bcc is None:
-        default_bcc = os.getenv('MAIL_BCC', 'maciej.pienczyn@inpi.pl')
+        default_bcc = os.getenv('MAIL_BCC', '')
         if default_bcc:
             bcc = [addr.strip() for addr in default_bcc.split(',') if addr.strip()]
             # Don't BCC someone who is already a direct recipient