feat: migrate from Cedar to SpiceDB authorization system

This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.

Key changes:

- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization

This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.

Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.

2 files changed, 0 insertions, 22 deletions

diff --git a/vendor/rustix/src/backend/linux_raw/prctl/mod.rs b/vendor/rustix/src/backend/linux_raw/prctl/mod.rs
deleted file mode 100644
index ef944f04..00000000
--- a/vendor/rustix/src/backend/linux_raw/prctl/mod.rs
+++ /dev/null
@@ -1 +0,0 @@
-pub(crate) mod syscalls;
diff --git a/vendor/rustix/src/backend/linux_raw/prctl/syscalls.rs b/vendor/rustix/src/backend/linux_raw/prctl/syscalls.rs
deleted file mode 100644
index 1410d512..00000000
--- a/vendor/rustix/src/backend/linux_raw/prctl/syscalls.rs
+++ /dev/null
@@ -1,21 +0,0 @@
-//! linux_raw syscalls supporting modules that use `prctl`.
-//!
-//! # Safety
-//!
-//! See the `rustix::backend` module documentation for details.
-#![allow(unsafe_code, clippy::undocumented_unsafe_blocks)]
-
-use crate::backend::c;
-use crate::backend::conv::{c_int, ret_c_int};
-use crate::io;
-
-#[inline]
-pub(crate) unsafe fn prctl(
-    option: c::c_int,
-    arg2: *mut c::c_void,
-    arg3: *mut c::c_void,
-    arg4: *mut c::c_void,
-    arg5: *mut c::c_void,
-) -> io::Result<c::c_int> {
-    ret_c_int(syscall!(__NR_prctl, c_int(option), arg2, arg3, arg4, arg5))
-}