feat: migrate from Cedar to SpiceDB authorization system

This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.

Key changes:

- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization

This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.

Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.

1 files changed, 0 insertions, 81 deletions

diff --git a/vendor/base64/examples/base64.rs b/vendor/base64/examples/base64.rs
deleted file mode 100644
index 0c8aa3fe..00000000
--- a/vendor/base64/examples/base64.rs
+++ /dev/null
@@ -1,81 +0,0 @@
-use std::fs::File;
-use std::io::{self, Read};
-use std::path::PathBuf;
-use std::process;
-
-use base64::{alphabet, engine, read, write};
-use clap::Parser;
-
-#[derive(Clone, Debug, Parser, strum::EnumString, Default)]
-#[strum(serialize_all = "kebab-case")]
-enum Alphabet {
-    #[default]
-    Standard,
-    UrlSafe,
-}
-
-/// Base64 encode or decode FILE (or standard input), to standard output.
-#[derive(Debug, Parser)]
-struct Opt {
-    /// Decode the base64-encoded input (default: encode the input as base64).
-    #[structopt(short = 'd', long = "decode")]
-    decode: bool,
-
-    /// The encoding alphabet: "standard" (default) or "url-safe".
-    #[structopt(long = "alphabet")]
-    alphabet: Option<Alphabet>,
-
-    /// Omit padding characters while encoding, and reject them while decoding.
-    #[structopt(short = 'p', long = "no-padding")]
-    no_padding: bool,
-
-    /// The file to encode or decode.
-    #[structopt(name = "FILE", parse(from_os_str))]
-    file: Option<PathBuf>,
-}
-
-fn main() {
-    let opt = Opt::parse();
-    let stdin;
-    let mut input: Box<dyn Read> = match opt.file {
-        None => {
-            stdin = io::stdin();
-            Box::new(stdin.lock())
-        }
-        Some(ref f) if f.as_os_str() == "-" => {
-            stdin = io::stdin();
-            Box::new(stdin.lock())
-        }
-        Some(f) => Box::new(File::open(f).unwrap()),
-    };
-
-    let alphabet = opt.alphabet.unwrap_or_default();
-    let engine = engine::GeneralPurpose::new(
-        &match alphabet {
-            Alphabet::Standard => alphabet::STANDARD,
-            Alphabet::UrlSafe => alphabet::URL_SAFE,
-        },
-        match opt.no_padding {
-            true => engine::general_purpose::NO_PAD,
-            false => engine::general_purpose::PAD,
-        },
-    );
-
-    let stdout = io::stdout();
-    let mut stdout = stdout.lock();
-    let r = if opt.decode {
-        let mut decoder = read::DecoderReader::new(&mut input, &engine);
-        io::copy(&mut decoder, &mut stdout)
-    } else {
-        let mut encoder = write::EncoderWriter::new(&mut stdout, &engine);
-        io::copy(&mut input, &mut encoder)
-    };
-    if let Err(e) = r {
-        eprintln!(
-            "Base64 {} failed with {}",
-            if opt.decode { "decode" } else { "encode" },
-            e
-        );
-        process::exit(1);
-    }
-}