fix(notifications): role-aware deep-links instead of always /po/[id]

Notification links now route each recipient to the page where they
need to take action, not just the PO detail:

  Manager / SuperUser:
    PO_SUBMITTED, VENDOR_ID_PROVIDED → /approvals/[id]  (approval queue)

  Accounts:
    PO_APPROVED / PO_APPROVED_WITH_NOTE → /payments  (payment queue)

  Submitter:
    EDITS_REQUESTED → /po/[id]/edit  (open the edit form directly)
    PAYMENT_SENT    → /po/[id]/receipt  (open the receipt confirmation)

  All other events / recipients → /po/[id]

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

App/pelagia-portal/lib/notifier.ts

@@ -109,11 +109,36 @@ function buildInAppBody(
 }
 
 function buildInAppLink(
-  _event: NotificationEvent,
+  event: NotificationEvent,
   po: PurchaseOrder & { submitter: User },
-  _recipient: User
+  recipient: User
 ): string {
-  return `/po/${po.id}`;
+  const isManager   = recipient.role === "MANAGER" || recipient.role === "SUPERUSER";
+  const isAccounts  = recipient.role === "ACCOUNTS";
+  const isSubmitter = recipient.id === po.submitterId;
+
+  switch (event) {
+    // Manager needs to act on the approval queue
+    case "PO_SUBMITTED":
+    case "VENDOR_ID_PROVIDED":
+      return isManager ? `/approvals/${po.id}` : `/po/${po.id}`;
+
+    // Accounts needs to process payment; everyone else sees the PO
+    case "PO_APPROVED":
+    case "PO_APPROVED_WITH_NOTE":
+      return isAccounts ? `/payments` : `/po/${po.id}`;
+
+    // Submitter needs to open the edit form
+    case "EDITS_REQUESTED":
+      return isSubmitter ? `/po/${po.id}/edit` : `/po/${po.id}`;
+
+    // Submitter needs to confirm receipt
+    case "PAYMENT_SENT":
+      return isSubmitter ? `/po/${po.id}/receipt` : `/po/${po.id}`;
+
+    default:
+      return `/po/${po.id}`;
+  }
 }
 
 // ── Email subject ─────────────────────────────────────────────────────────────