Remove FingerprintJS from all systems (#14360)

## Summary

Fully removes FingerprintJS from the codebase — web, mobile, common,
libs, identity service, and the anti-abuse-oracle.

- **Web/mobile clients**: deleted `services/fingerprint.ts`, dropped
`fingerprintClient` from the store context, and stopped collecting a
`visitorId` during sign-in / OAuth login (`FINGERPRINT_*` env vars
removed).
- **Common**: deleted `services/fingerprint/FingerprintClient`, removed
it from `storeContext` and `services/index.ts`, dropped `visitorId` from
`authService.signIn`.
- **Identity service**: removed `fpClient.js`, `fpHelpers.js`, the `/fp`
route, the `Fingerprints` model (table left in place; can be dropped via
a follow-up migration), and the `fpServerApiKey` config. `requiresOtp`
no longer takes a `visitorId` — new devices always require OTP; the
`OTP_BYPASS_EMAILS` list still bypasses. `authentication.js` and
`idSignals.js` cleaned up accordingly. Updated `test/lib/app.js` and
removed the obsolete "skips otp for recognized devices" test.
- **Anti-abuse-oracle**: removed `userFingerprints` and
`useFingerprintDeviceCount` from `identity.ts`, dropped the fingerprint
device-count term from `getUserNormalizedScore`, and removed the
Fingerprints table / column from the user-attestation UI in
`server.tsx`.
- **Libs (sdk-legacy)**: dropped the now-unused `visitorId` parameter
from `Account.login` and `IdentityService.getFn`.
- **Dependencies**: removed `@fingerprintjs/fingerprintjs-pro`,
`@fingerprintjs/fingerprintjs-pro-react-native`, and
`@fingerprintjs/fingerprintjs-pro-server-api` from
web/common/mobile/identity-service `package.json`s; `package-lock.json`
regenerated.

The `Fingerprints` Sequelize migration is left in place — the table can
be dropped in a separate follow-up.

## Test plan

- [ ] Sign in with a new device → OTP is required (no fingerprint
bypass).
- [ ] Sign in with an `OTP_BYPASS_EMAILS` address → no OTP (bypass still
works).
- [ ] OAuth login flow still completes for an existing user.
- [ ] Mobile sign-in and confirm-email screens still submit
successfully.
- [ ] Anti-abuse-oracle attestation UI loads for a user (no Fingerprint
column / section).
- [ ] CI: typecheck + lint pass across `@audius/web`, `@audius/mobile`,
`@audius/common`, `@audius/sdk-legacy`, identity-service, and
anti-abuse-oracle.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: dylanjeffers

.changeset/remove-fingerprintjs.md

@@ -0,0 +1,8 @@
+---
+'@audius/common': patch
+'@audius/sdk-legacy': patch
+'@audius/web': patch
+'@audius/mobile': patch
+---
+
+Remove FingerprintJS from all clients and services. Sign-in no longer collects a `visitorId`, the identity service's fingerprint-based OTP bypass is gone (new devices always require OTP), and the anti-abuse-oracle drops the per-fingerprint device-count scoring and UI section.

packages/discovery-provider/plugins/pedalboard/apps/anti-abuse-oracle/src/actionLog.ts

@@ -71,15 +71,6 @@ export async function getUser(handle: string) {
   return rows[0].user as UserDetails
 }
 
-export async function queryUsers({ ids }: { ids: number[] }) {
-  const rows = await sql`
-  ${sql.unsafe(buildUserDetails)}
-  where
-    user_id in ${sql(ids)}
-  `
-  return rows.map((r) => r.user) as UserDetails[]
-}
-
 export async function getRecentUsers(page: number) {
   const rows = await sql`
   ${sql.unsafe(buildUserDetails)}

packages/mobile/src/screens/contest-screen/ContestScreen.tsx

@@ -35,6 +35,7 @@ import { useDispatch } from 'react-redux'
 import { Button, Divider, Flex, Text } from '@audius/harmony-native'
 import { Screen, ScreenContent } from 'app/components/core'
 import { ProfilePicture } from 'app/components/core/ProfilePicture'
+import { make, track as trackEvent } from 'app/services/analytics'
 import {
   CollapsibleTabNavigator,
   collapsibleTabScreen