feat: migrate from Cedar to SpiceDB authorization system

This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.

Key changes:

- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization

This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.

Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.

1 files changed, 0 insertions, 34 deletions

diff --git a/vendor/itertools/src/impl_macros.rs b/vendor/itertools/src/impl_macros.rs
deleted file mode 100644
index 3db5ba02..00000000
--- a/vendor/itertools/src/impl_macros.rs
+++ /dev/null
@@ -1,34 +0,0 @@
-//!
-//! Implementation's internal macros
-
-macro_rules! debug_fmt_fields {
-    ($tyname:ident, $($($field:tt/*TODO ideally we would accept ident or tuple element here*/).+),*) => {
-        fn fmt(&self, f: &mut ::std::fmt::Formatter) -> ::std::fmt::Result {
-            f.debug_struct(stringify!($tyname))
-                $(
-              .field(stringify!($($field).+), &self.$($field).+)
-              )*
-              .finish()
-        }
-    }
-}
-
-macro_rules! clone_fields {
-    ($($field:ident),*) => {
-        #[inline] // TODO is this sensible?
-        fn clone(&self) -> Self {
-            Self {
-                $($field: self.$field.clone(),)*
-            }
-        }
-    }
-}
-
-macro_rules! ignore_ident{
-    ($id:ident, $($t:tt)*) => {$($t)*};
-}
-
-macro_rules! count_ident {
-    () => {0};
-    ($i0:ident $($i:ident)*) => {1 + count_ident!($($i)*)};
-}