feat: migrate from Cedar to SpiceDB authorization system

This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.

Key changes:

- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization

This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.

Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.

1 files changed, 0 insertions, 21 deletions

diff --git a/vendor/security-framework-sys/src/identity.rs b/vendor/security-framework-sys/src/identity.rs
deleted file mode 100644
index 6d8295ec..00000000
--- a/vendor/security-framework-sys/src/identity.rs
+++ /dev/null
@@ -1,21 +0,0 @@
-#[cfg(target_os = "macos")]
-use core_foundation_sys::base::CFTypeRef;
-use core_foundation_sys::base::{CFTypeID, OSStatus};
-
-use crate::base::{SecCertificateRef, SecIdentityRef, SecKeyRef};
-
-extern "C" {
-    pub fn SecIdentityGetTypeID() -> CFTypeID;
-    pub fn SecIdentityCopyCertificate(
-        identity: SecIdentityRef,
-        certificate_ref: *mut SecCertificateRef,
-    ) -> OSStatus;
-    pub fn SecIdentityCopyPrivateKey(identity: SecIdentityRef, key_ref: *mut SecKeyRef)
-        -> OSStatus;
-    #[cfg(target_os = "macos")]
-    pub fn SecIdentityCreateWithCertificate(
-        keychain_or_Array: CFTypeRef,
-        certificate_ref: SecCertificateRef,
-        identity_ref: *mut SecIdentityRef,
-    ) -> OSStatus;
-}