fix(avatar) : address review findings — security and UX fixes

- Use getMimeType() instead of getClientMimeType() to prevent MIME spoofing
- Change IsGranted to IS_AUTHENTICATED_FULLY so ROLE_CLIENT can access avatars
- Remove Groups from avatarFileName (only avatarUrl needed by frontend)
- Disable aggressive caching to prevent stale avatar images
- Add error handling to avatar upload in profile page
- Use i18n for "Mon profil" button text

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

frontend/components/ui/AppTopNav.vue

@@ -19,7 +19,7 @@
               class="block w-full px-3 py-2 text-left hover:bg-neutral-100"
               @click="navigateTo('/profile')"
             >
-              Mon profil
+              {{ $t('profile.title') }}
             </button>
             <button
               type="button"