feat: migrate from Cedar to SpiceDB authorization system

This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.

Key changes:

- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization

This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.

Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.

1 files changed, 0 insertions, 30 deletions

diff --git a/vendor/rustix/src/mm/userfaultfd.rs b/vendor/rustix/src/mm/userfaultfd.rs
deleted file mode 100644
index 46ab07eb..00000000
--- a/vendor/rustix/src/mm/userfaultfd.rs
+++ /dev/null
@@ -1,30 +0,0 @@
-//! The Linux `userfaultfd` API.
-//!
-//! # Safety
-//!
-//! Calling `userfaultfd` is safe, but the returned file descriptor lets users
-//! observe and manipulate process memory in magical ways.
-#![allow(unsafe_code)]
-
-use crate::fd::OwnedFd;
-use crate::{backend, io};
-
-pub use backend::mm::types::UserfaultfdFlags;
-
-/// `userfaultfd(flags)`—Create userspace page-fault handler.
-///
-/// # Safety
-///
-/// The call itself is safe, but the returned file descriptor lets users
-/// observe and manipulate process memory in magical ways.
-///
-/// # References
-///  - [Linux]
-///  - [Linux userfaultfd]
-///
-/// [Linux]: https://man7.org/linux/man-pages/man2/userfaultfd.2.html
-/// [Linux userfaultfd]: https://www.kernel.org/doc/Documentation/vm/userfaultfd.txt
-#[inline]
-pub unsafe fn userfaultfd(flags: UserfaultfdFlags) -> io::Result<OwnedFd> {
-    backend::mm::syscalls::userfaultfd(flags)
-}