fix: require feedback on post rejection, post-specific review text, show superadmins in team list

- Reject requires feedback on both client and server (400 if empty)
- PublicPostReview uses post-specific i18n keys instead of artefact ones
- Team list always includes superadmins/managers for non-superadmin users

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

server/server.js

@@ -898,9 +898,11 @@ app.get('/api/users/team', requireAuth, async (req, res) => {
       try { myBrands = JSON.parse(currentUser?.brands || '[]'); } catch (err) { console.error('Parse user brands:', err.message); }
 
       filtered = users.filter(u => {
+        // Always include self, superadmins, and managers
+        if (u.Id === req.session.userId || u.role === 'superadmin' || u.role === 'manager') return true;
         let theirBrands = [];
         try { theirBrands = JSON.parse(u.brands || '[]'); } catch (err) { console.error('Parse team brands:', err.message); }
-        return u.Id === req.session.userId || theirBrands.some(b => myBrands.includes(b));
+        return theirBrands.some(b => myBrands.includes(b));
       });
     }
 
@@ -1586,6 +1588,9 @@ app.post('/api/public/review-post/:token/approve', async (req, res) => {
 // Public: Reject post
 app.post('/api/public/review-post/:token/reject', async (req, res) => {
   const { approved_by_name, feedback } = req.body;
+  if (!feedback || !feedback.trim()) {
+    return res.status(400).json({ error: 'Feedback is required when rejecting' });
+  }
   try {
     const posts = await nocodb.list('Posts', {
       where: `(approval_token,eq,${sanitizeWhereValue(req.params.token)})`,