fix: set NoStartTLS when disable_startttls=true

[Flgado]

Problem

Users configuring SMTP with disable_starttls=true to force plaintext connections (common in development environments) experience connection failures with "unencrypted connection" errors, despite explicitly disabling StartTLS.

Root Cause

In smtp.go, when disable_starttls=true is set, the code correctly skips setting MandatoryStartTLS but fails to explicitly set NoStartTLS. This leaves the dialer with the default OpportunisticStartTLS policy, which still attempts TLS connections when the SMTP server advertises STARTTLS capability.

This can be confuse for users, because they explicite set the disable_starttls to true.

Solution

Explicitly set StartTLSPolicy = gomail.NoStartTLS when `disable_starttls=true to completely disable TLS negotiation attempts.

Related issue(s)

#4498

Checklist

• I have read the contributing guidelines.
• I have referenced an issue containing the design document if my change
  introduces a new feature.
• I am following the
  contributing code guidelines.
• I have read the security policy.
• I confirm that this pull request does not address a security
  vulnerability. If this pull request addresses a security vulnerability, I
  confirm that I got the approval (please contact
  security@ory.sh) from the maintainers to push
  the changes.
• I have added tests that prove my fix is effective or that my feature
  works.
• I have added or changed the documentation.

Further Comments

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}