fix(client): verify email via Payload Local API to bypass basic auth

The verify-email server action was calling the Payload REST SDK against
NEXT_PUBLIC_URL, so the request looped back through Next.js middleware.
Local dev (and any env without auth creds in the public URL) hits the
BASIC_AUTH gate and gets a 401 "Authentication required" before reaching
Payload, leaving the user on the verification error page.

Switch to the Payload Local API (getPayload + payload.verifyEmail). No
HTTP roundtrip, no middleware, works in every env regardless of how
basic auth is wired.

Author: mbarrenechea

client/src/app/(frontend)/[locale]/(app)/auth/verify-email/actions.ts

@@ -1,6 +1,8 @@
 "use server";
 
-import { sdk } from "@/services/sdk";
+import { getPayload } from "payload";
+
+import config from "@/payload.config";
 
 export type VerifyEmailResult =
   | { success: true }
@@ -12,14 +14,13 @@ export async function verifyEmailAction(token: string): Promise<VerifyEmailResul
   }
 
   try {
-    await sdk.verifyEmail({
-      collection: "users",
-      token,
-    });
+    const payload = await getPayload({ config });
+    await payload.verifyEmail({ collection: "users", token });
     return { success: true };
   } catch (error) {
     const message = error instanceof Error ? error.message : String(error);
-    const isInvalid = /invalid/i.test(message) || /403/.test(message);
+    const status = (error as { status?: number } | null)?.status;
+    const isInvalid = status === 403 || /invalid/i.test(message);
 
     console.error("[verify-email] verification failed", {
       reason: isInvalid ? "invalid" : "unknown",