feat: migrate from Cedar to SpiceDB authorization system

This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.

Key changes:

- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization

This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.

Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.

1 files changed, 0 insertions, 97 deletions

diff --git a/vendor/windows-strings/src/pcwstr.rs b/vendor/windows-strings/src/pcwstr.rs
deleted file mode 100644
index 221bfd9b..00000000
--- a/vendor/windows-strings/src/pcwstr.rs
+++ /dev/null
@@ -1,97 +0,0 @@
-use super::*;
-
-/// A pointer to a constant null-terminated string of 16-bit Unicode characters.
-#[repr(transparent)]
-#[derive(Clone, Copy, PartialEq, Eq, Debug)]
-pub struct PCWSTR(pub *const u16);
-
-impl PCWSTR {
-    /// Construct a new `PCWSTR` from a raw pointer
-    pub const fn from_raw(ptr: *const u16) -> Self {
-        Self(ptr)
-    }
-
-    /// Construct a null `PCWSTR`
-    pub const fn null() -> Self {
-        Self(core::ptr::null())
-    }
-
-    /// Returns a raw pointer to the `PCWSTR`
-    pub const fn as_ptr(&self) -> *const u16 {
-        self.0
-    }
-
-    /// Checks whether the `PCWSTR` is null
-    pub fn is_null(&self) -> bool {
-        self.0.is_null()
-    }
-
-    /// String length without the trailing 0
-    ///
-    /// # Safety
-    ///
-    /// The `PCWSTR`'s pointer needs to be valid for reads up until and including the next `\0`.
-    pub unsafe fn len(&self) -> usize {
-        extern "C" {
-            fn wcslen(s: *const u16) -> usize;
-        }
-        unsafe { wcslen(self.0) }
-    }
-
-    /// Returns `true` if the string length is zero, and `false` otherwise.
-    ///
-    /// # Safety
-    ///
-    /// The `PCWSTR`'s pointer needs to be valid for reads up until and including the next `\0`.
-    pub unsafe fn is_empty(&self) -> bool {
-        unsafe { self.len() == 0 }
-    }
-
-    /// String data without the trailing 0
-    ///
-    /// # Safety
-    ///
-    /// The `PCWSTR`'s pointer needs to be valid for reads up until and including the next `\0`.
-    pub unsafe fn as_wide(&self) -> &[u16] {
-        unsafe { core::slice::from_raw_parts(self.0, self.len()) }
-    }
-
-    /// Copy the `PCWSTR` into a Rust `String`.
-    ///
-    /// # Safety
-    ///
-    /// See the safety information for `PCWSTR::as_wide`.
-    pub unsafe fn to_string(&self) -> core::result::Result<String, alloc::string::FromUtf16Error> {
-        unsafe { String::from_utf16(self.as_wide()) }
-    }
-
-    /// Copy the `PCWSTR` into an `HSTRING`.
-    ///
-    /// # Safety
-    ///
-    /// See the safety information for `PCWSTR::as_wide`.
-    pub unsafe fn to_hstring(&self) -> HSTRING {
-        unsafe { HSTRING::from_wide(self.as_wide()) }
-    }
-
-    /// Allow this string to be displayed.
-    ///
-    /// # Safety
-    ///
-    /// See the safety information for `PCWSTR::as_wide`.
-    pub unsafe fn display(&self) -> impl core::fmt::Display + '_ {
-        unsafe { Decode(move || core::char::decode_utf16(self.as_wide().iter().cloned())) }
-    }
-}
-
-impl Default for PCWSTR {
-    fn default() -> Self {
-        Self::null()
-    }
-}
-
-impl AsRef<PCWSTR> for PCWSTR {
-    fn as_ref(&self) -> &Self {
-        self
-    }
-}