feat: migrate from Cedar to SpiceDB authorization system

This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.

Key changes:

- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization

This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.

Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.

1 files changed, 0 insertions, 88 deletions

diff --git a/vendor/windows-strings/src/pwstr.rs b/vendor/windows-strings/src/pwstr.rs
deleted file mode 100644
index db4d74ac..00000000
--- a/vendor/windows-strings/src/pwstr.rs
+++ /dev/null
@@ -1,88 +0,0 @@
-use super::*;
-
-/// A pointer to a null-terminated string of 16-bit Unicode characters.
-#[repr(transparent)]
-#[derive(Clone, Copy, PartialEq, Eq, Debug)]
-pub struct PWSTR(pub *mut u16);
-
-impl PWSTR {
-    /// Construct a new `PWSTR` from a raw pointer.
-    pub const fn from_raw(ptr: *mut u16) -> Self {
-        Self(ptr)
-    }
-
-    /// Construct a null `PWSTR`.
-    pub const fn null() -> Self {
-        Self(core::ptr::null_mut())
-    }
-
-    /// Returns a raw pointer to the `PWSTR`.
-    pub const fn as_ptr(&self) -> *mut u16 {
-        self.0
-    }
-
-    /// Checks whether the `PWSTR` is null.
-    pub fn is_null(&self) -> bool {
-        self.0.is_null()
-    }
-
-    /// String length without the trailing 0
-    ///
-    /// # Safety
-    ///
-    /// The `PWSTR`'s pointer needs to be valid for reads up until and including the next `\0`.
-    pub unsafe fn len(&self) -> usize {
-        unsafe { PCWSTR(self.0).len() }
-    }
-
-    /// Returns `true` if the string length is zero, and `false` otherwise.
-    ///
-    /// # Safety
-    ///
-    /// The `PWSTR`'s pointer needs to be valid for reads up until and including the next `\0`.
-    pub unsafe fn is_empty(&self) -> bool {
-        unsafe { self.len() == 0 }
-    }
-
-    /// String data without the trailing 0.
-    ///
-    /// # Safety
-    ///
-    /// The `PWSTR`'s pointer needs to be valid for reads up until and including the next `\0`.
-    pub unsafe fn as_wide(&self) -> &[u16] {
-        unsafe { core::slice::from_raw_parts(self.0, self.len()) }
-    }
-
-    /// Copy the `PWSTR` into a Rust `String`.
-    ///
-    /// # Safety
-    ///
-    /// See the safety information for `PWSTR::as_wide`.
-    pub unsafe fn to_string(&self) -> core::result::Result<String, alloc::string::FromUtf16Error> {
-        unsafe { String::from_utf16(self.as_wide()) }
-    }
-
-    /// Copy the `PWSTR` into an `HSTRING`.
-    ///
-    /// # Safety
-    ///
-    /// See the safety information for `PWSTR::as_wide`.
-    pub unsafe fn to_hstring(&self) -> HSTRING {
-        unsafe { HSTRING::from_wide(self.as_wide()) }
-    }
-
-    /// Allow this string to be displayed.
-    ///
-    /// # Safety
-    ///
-    /// See the safety information for `PWSTR::as_wide`.
-    pub unsafe fn display(&self) -> impl core::fmt::Display + '_ {
-        unsafe { Decode(move || core::char::decode_utf16(self.as_wide().iter().cloned())) }
-    }
-}
-
-impl Default for PWSTR {
-    fn default() -> Self {
-        Self::null()
-    }
-}