feat: migrate from Cedar to SpiceDB authorization system

This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.

Key changes:

- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization

This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.

Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.

1 files changed, 0 insertions, 23 deletions

diff --git a/vendor/bitflags/src/tests/empty.rs b/vendor/bitflags/src/tests/empty.rs
deleted file mode 100644
index 57fb1c7c..00000000
--- a/vendor/bitflags/src/tests/empty.rs
+++ /dev/null
@@ -1,23 +0,0 @@
-use super::*;
-
-use crate::Flags;
-
-#[test]
-fn cases() {
-    case(0, TestFlags::empty);
-
-    case(0, TestZero::empty);
-
-    case(0, TestEmpty::empty);
-
-    case(0, TestExternal::empty);
-}
-
-#[track_caller]
-fn case<T: Flags>(expected: T::Bits, inherent: impl FnOnce() -> T)
-where
-    <T as Flags>::Bits: std::fmt::Debug + PartialEq,
-{
-    assert_eq!(expected, inherent().bits(), "T::empty()");
-    assert_eq!(expected, T::empty().bits(), "Flags::empty()");
-}