Final org_id test + OpenAPI sweep and owner-only regression guards

[chronoai-shining]

Summary

Finish the strip: sweep every remaining org_id test fixture/assertion across the integration suite, update the goals-API integration tests, optionally add a negative OpenAPI guard locking the removal in, and add the owner-only behavioural regressions (no-503 on GET /api/v1/goals, owner-only trigger/submit Forbidden). After this PR a repo-wide grep -rn org_id backend/ returns only GitHub-org_login hits and the org-admin role-string fixtures.

Depends on #272 and #273 (the model/DTO/param removals). If #272 folded the struct-seed updates of these integration test files in, this PR reduces to the assertion edits + new regression tests + the OpenAPI guard.

Problem / Motivation

• org_id: None struct-seed initializers and org_id-null assertions remain across the integration suite; they must be removed mechanically (field-removal side effects, not behaviour changes) so cargo test compiles.
• The milestone needs explicit regressions: the 503 must stay dead, and owner-only denial must be proven without any org lookup.

Proposed Solution — Implementation Spec

backend/fkst-control-plane/tests/goals_api.rs

1. post_goal_creates_201_with_location_and_not_started (L154-192): remove assert!(goal["org_id"].is_null()) (L180).
2. The bson serde test (~L402-424): drop the org_id: None seed (L411) and assert_eq!(raw.get("org_id"), Some(&Bson::Null)) (L420).
3. list_scopes_to_own_plus_org_and_filters_by_status (L201-243): the body never actually seeds an org goal — rename to drop plus_org and keep the owner/status coverage.
4. seed_goal_with_status() (L143): drop org_id: None.

Struct-seed-only sweeps (drop org_id: None, no assertion change)

5. tests/sessions_api.rs L194 (mk orphan-sweep builder); tests/admin_metrics.rs L74 (seed_doc); tests/goal_session_token.rs L182 (seed_goal GoalDoc) + L239 (GoalTriggerInfo); tests/github_app_installations.rs L207; tests/activation_dispatch.rs L99/L115; tests/claim_placement.rs L42/L58; tests/reassign_redispatch.rs L96/L112. (If Remove org_id from goal/session models, DTOs (OpenAPI), and the goal-issue marker #272 already removed these, verify and skip.)

backend/fkst-control-plane/tests/openapi.rs

6. No edit required — it names no org_id/org symbol and pins no schema property list, so it stays green automatically. OPTIONAL (recommended): add a negative guard in components_include_key_schemas_from_all_crates (L142-175) asserting no component schema exposes an org_id property, mirroring the existing internal_worker_protocol_is_never_in_the_spec guard (L204-215). Confirm org_login on the repo-create schema is still present (KEEP boundary) and no /internal/* path leaks.

New owner-only regression tests

7. GET /api/v1/goals no-503: an integration test that listing goals for an authenticated owner returns 200 with only owned goals and makes no NyxID org call (regression for the removed visible_org_ids 503).
8. Owner-only denial: a test that a non-owner non-admin caller is Forbidden on goal trigger AND submit (the require_org_writer arms are gone — prove the owner-only gate still denies). These may live alongside Strip NyxID-org authz: remove visible_org_ids/require_org_writer/OrgRole branches (owner-only) #270's authz tests; place wherever the existing handler tests are.

Scope Check

• ✅ In scope: every org_id test fixture/assertion in the integration suite; the optional OpenAPI negative guard; the new owner-only regressions.
• ❌ Out of scope / KEEP — do NOT touch (match an org grep but are not NyxID orgs): goals/repo_create.rs /orgs/{org}/repos + org_login tests; repo_create_classify.rs SSO-org URL tests; the "org-admin" role-string fixtures in auth/identity.rs + auth/middleware.rs.

Acceptance Criteria / Definition of Done

• grep -rn org_id backend/ returns only org_login/repo-placement hits and the org-admin role-string fixtures.
• cargo test -p fkst-control-plane -p fkst-shared green; tests/openapi.rs green (with the optional negative org_id guard if added); cargo build -p fkst-worker green.
• The GET /api/v1/goals no-503 regression and the owner-only trigger/submit Forbidden tests pass.
• Coverage stays ≥ 80% (org-only tests were deleted because their scenario no longer exists; owner-scoped coverage is preserved/tightened — verify the suite did not silently drop coverage).