fix: use verified jeffemmett.com domain for admin request emails

Changed from email from 'noreply@canvas.jeffemmett.com' (unverified) to
'Canvas <noreply@jeffemmett.com>' (verified in Resend).

Also added RESEND_API_KEY secret to Cloudflare Worker.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

worker/boardPermissions.ts

@@ -1100,7 +1100,7 @@ export async function handleRequestAdminAccess(
 
     // Send email to global admin (jeffemmett@gmail.com)
     if (env.RESEND_API_KEY) {
-      const emailFrom = env.CRYPTID_EMAIL_FROM || 'noreply@canvas.jeffemmett.com';
+      const emailFrom = env.CRYPTID_EMAIL_FROM || 'Canvas <noreply@jeffemmett.com>';
 
       const emailResponse = await fetch('https://api.resend.com/emails', {
         method: 'POST',