Remove user_orgs/OrgSummary/OrgRole/orgs_cache from fkst-shared + nyxid_org_cache_ttl_secs

[chronoai-shining]

Summary

Delete the now-unused NyxID-org transport from the shared client: the user_orgs() method, OrgSummary, OrgRole, CachedOrgs, the orgs_cache/cache_ttl fields, the ORGS_PATH const, and the cache_ttl parameter of NyxIdClient::new. Cascade the signature change to startup.rs, main.rs, and remove the dead nyxid_org_cache_ttl_secs config knob.

This is the second PR of the milestone. It must land after #270, which removes the last consumers (OrgRole in authz.rs, user_orgs via the deleted visible_org_ids, and the cache_ttl test-ctor args become trivial to drop). The worker and engine never reference any of these symbols (verified: grep -rln 'NyxIdClient|OrgSummary|OrgRole|user_orgs|orgs_cache|ORGS_PATH' backend/fkst-worker/src backend/fkst-engine → 0 hits), so removal cannot break the worker.

Problem / Motivation

• user_orgs is the root of the live 503 (it deserializes a bare Vec<OrgSummary> while prod NyxID returns {"orgs":[...]}). Strip NyxID-org authz: remove visible_org_ids/require_org_writer/OrgRole branches (owner-only) #270 removed its only caller; this PR deletes the method so the bug cannot resurface. Do not fix the deserialization — delete the path.
• OrgRole, OrgSummary, CachedOrgs, orgs_cache, cache_ttl, and ORGS_PATH exist solely to support org lookups and have no remaining consumer after Strip NyxID-org authz: remove visible_org_ids/require_org_writer/OrgRole branches (owner-only) #270.
• nyxid_org_cache_ttl_secs (config) → cache_ttl (ctor) only ever fed the org cache; it is dead config.

Proposed Solution — Implementation Spec

backend/fkst-shared/src/nyxid/mod.rs

1. L27 delete pub const ORGS_PATH: &str = "/api/v1/orgs";.
2. L96-104 delete pub enum OrgRole { Admin, Member, Viewer }.
3. L106-111 delete pub struct OrgSummary { pub id: String }.
4. L171-177 delete struct CachedOrgs (+ its // ---- Cached entries ---- section header).
5. L191,193 delete Inner.orgs_cache: RwLock<HashMap<String, CachedOrgs>> and Inner.cache_ttl: Duration (+ their field doc-comments at L190/L192).
6. L256-275 NyxIdClient::new: drop the cache_ttl: Duration parameter (L259) and the orgs_cache/cache_ttl initializers (L271-272). Update the doc-comment (L245-255) that mentions "cache_ttl controls how long user-orgs results are cached". New signature: new(base_url, github_proxy_slug).
7. L277-332 delete pub async fn user_orgs(...).
8. Imports: std::collections::HashMap (L15) and tokio::sync::RwLock (L22) are now dead — verify (grep) and remove. From std::time::{Duration, Instant} (L18): keep Duration (still used by HTTP_TIMEOUT, L72), remove Instant (only CachedOrgs/user_orgs used it). Keep secrecy, serde::Deserialize, std::fmt, std::sync::Arc.
9. L1-6 module doc: drop the "org lookups" clause.
10. Tests: delete the // ---- user_orgs ---- section (L612) and user_orgs_forwards_caller_bearer (L614-637) — the only test of the deleted path (it mocks the wrong bare-array shape, which is exactly why the prod 503 went unnoticed; do not repair). Keep every proxy/mint/connection/secret-hygiene test.

backend/fkst-control-plane/src/startup.rs

11. L33,38 build_nyxid_client: remove the org_cache_ttl parameter and drop it from the NyxIdClient::new(&settings.base_url, github_proxy_slug, org_cache_ttl) call (now 2 args).

backend/fkst-control-plane/src/main.rs

12. L154 remove the Duration::from_secs(config.nyxid_org_cache_ttl_secs) argument passed into the client builder.

backend/fkst-control-plane/src/config.rs

13. Remove the nyxid_org_cache_ttl_secs field, its default, its validation, and its tests: L90 (field), L253-254 (default), L318 (validation), L399/L444/L520/L607 (struct construction in tests), L928-944 (the default/overridable/zero-is-error tests). Remove Duration import there only if it becomes unused (verify).

Remaining NyxIdClient::new call sites (drop the 3rd arg)

14. Update every other ctor call to the 2-arg signature: goals/repo_create.rs:243, sessions/nyxid_token.rs:205, sessions/dispatch_tests.rs:305/422, and the authz test ctors authz.rs:374/394/445/499/520 (the from_secs(30) arg Strip NyxID-org authz: remove visible_org_ids/require_org_writer/OrgRole branches (owner-only) #270 left in place). At repo_create.rs:243 this is only dropping the ctor arg — do NOT touch org_login.

Scope Check

• ✅ In scope: the NyxID-org transport (user_orgs/OrgSummary/OrgRole/cache/ORGS_PATH), the cache_ttl ctor param, and the nyxid_org_cache_ttl_secs config knob.
• ❌ Out of scope / KEEP: proxy_request, proxy_github_user[_for], github_connections_user/GithubConnection/GITHUB_CONNECTIONS_PATH (GitHub account-linking, not orgs), mint_user_api_key/CreatedKey, ProxyResponse, NyxIdError; and org_login at repo_create.rs:243.

Acceptance Criteria / Definition of Done

• grep -rn 'user_orgs|OrgSummary|OrgRole|orgs_cache|ORGS_PATH|cache_ttl|nyxid_org_cache_ttl_secs' backend/ returns nothing.
• NyxIdClient::new is 2-arg; all call sites updated.
• cargo test -p fkst-shared green; cargo build -p fkst-worker green (worker without the schema feature, still org-free and utoipa-free); cargo test -p fkst-control-plane green.
• A deployment env still setting NYXID_ORG_CACHE_TTL_SECS is now an unknown/ignored knob — note it in the release notes / k8s_sample sweep.

Notes

NyxID is no longer called at GET /api/v1/orgs anywhere. No OpenAPI impact from this file (OrgSummary/OrgRole derive only serde::Deserialize, never ToSchema).