Commit 6ebb955
claude
Revert "auth: accept desktop license keys (SY-) as proxy bearer tokens"
This reverts commit d1b4fc6.
Pairs with the desktop revert (stockyard-desktop e4a31d3) which
removes the customer-facing 'API Access' UI section in the license
modal. The two together close an unbounded liability surface:
When a customer's license key is accepted as an Anthropic API
bearer token, every leaked / shared / disgruntled / dumped key
becomes free unlimited LLM access on Stockyard's bill until
revoked. The original commit assumed Stockyard had:
- per-key request and token caps
- billing reconciliation surfacing usage to the customer
- 'you're at your limit' UX
- monitoring that catches abuse before the daily Anthropic bill
None of those exist. Caps are not a small change — they're a
billing feature with reporting requirements.
What this revert removes:
- internal/apiserver/desktop_license.go
(verifyDesktopLicenseKey, DesktopLicenseClaims, IsExpired,
licenseTierGrantsProxy, exported wrappers)
- internal/apiserver/desktop_license_test.go (9 tests)
- internal/auth/middleware.go SY- branch in ProxyAuthMiddleware,
LicenseVerifier callback type, WithLicenseTier /
LicenseTierFromContext context helpers
- internal/auth/middleware_license_test.go (6 tests)
- internal/engine/license_verifier.go (closure factory)
- internal/engine/{engine.go,boot_proxy.go} verifier wiring
What this revert KEEPS:
- The proxy itself, unchanged. /v1/* still accepts sk-sy- API
keys (existing) and pass-through provider keys (existing).
Internal use of the proxy by /api/recommend continues to work
because it doesn't go through the SY- branch — recommend uses
its own internal auth, not bearer auth.
- The signing path (issueDesktopLicenseKey in stripe.go).
License keys are still minted on purchase, still emailed to
customers, still validated by the desktop's local licensing
package for activation/expiry checks. Just not used as proxy
bearer tokens anymore.
- All Cloud backup auth (license-key bearer for /api/cloud/
desktop/* endpoints). That's a different code path (apiserver,
not auth.ProxyAuthMiddleware) and has its own per-account rate
limits (10/hour, 100/day) sized for backup volume, not LLM
token spend.
If we want to ship customer-facing LLM proxy access in the future
the right shape is probably:
- Separate per-customer API key (NOT the license key — separates
the credential that opens the desktop from the credential that
spends Anthropic tokens)
- Explicit opt-in flow, default off
- Hard daily token cap with usage display in-app
- Stripe usage-based pricing for overage, OR a hard 'denied' wall
- Monitoring + alerting on per-key spend before Anthropic bill
This is a feature, not a config flip. Worth its own design pass.
Verification:
- go vet clean on auth, apiserver, engine
- Full apiserver test suite passes (14s)
- Full auth test suite passes (86ms)
- No production callers depend on the removed surface — license-
key bearer auth shipped earlier today (d1b4fc6 at 00:51 UTC)
and has not been wired into any deployed customer flow yet.
Lesson surfaced by Michael at end of session: a free-tier feature
for a billed underlying service is a feature with billing logic,
not a small change. I should have raised the bill-risk threat
model when 'free for all paying customers' was proposed instead
of treating the Anthropic margin as a small line item.
1 parent d1b4fc6 commit 6ebb955
7 files changed
Lines changed: 89 additions & 761 deletions
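The shape the message sketches for a future customer-facing proxy, as an added Go example (not Stockyard's code, and not a reconstruction of the reverted `ProxyAuthMiddleware`): a separate `sk-sy-` proxy credential, `SY-` license keys refused outright on the bearer path, per-key opt-in that defaults to off, a hard daily token cap that resets at UTC midnight, and an alert flag once a key passes 80% of its cap so monitoring fires before the provider bill does. The `account` store, the cap values, the 80% threshold and the `authorize`/`reserve`/`classifyBearer` names are assumptions for the example; only the two key prefixes come from the commit message.

```go
package main

import (
	"net/http"
	"strings"
	"sync"
	"time"
)

// account is what a proxy API key resolves to: an explicit opt-in flag
// (default off) and a hard per-day token cap. Assumed shape, not Stockyard's.
type account struct {
	ProxyEnabled bool
	DailyCap     int
}

// decision is what the proxy answers with before any provider call is made.
type decision struct {
	Status int // HTTP status for the caller
	Reason string
	Used   int  // tokens reserved today for this key after the decision
	Alert  bool // key has passed 80% of its cap: surface to monitoring
}

// proxyAuth holds the per-key store and the current UTC day's spend. The
// clock is injectable so the midnight reset can be exercised deterministically.
type proxyAuth struct {
	accounts map[string]account
	now      func() time.Time
	mu       sync.Mutex
	day      string
	spent    map[string]int
}

func newProxyAuth(now func() time.Time) *proxyAuth {
	return &proxyAuth{
		accounts: map[string]account{ // constructed sample accounts
			"sk-sy-alice-0001": {ProxyEnabled: true, DailyCap: 1000},
			"sk-sy-bob-0002":   {ProxyEnabled: false, DailyCap: 1000},
		},
		now:   now,
		spent: map[string]int{},
	}
}

// classifyBearer separates the two credential families the commit message
// names: "sk-sy-" proxy API keys and "SY-" desktop license keys. Anything
// else, including a missing "Bearer " scheme, classifies as "".
func classifyBearer(authz string) (kind, tok string) {
	if !strings.HasPrefix(authz, "Bearer ") {
		return "", ""
	}
	tok = strings.TrimPrefix(authz, "Bearer ")
	switch {
	case strings.HasPrefix(tok, "sk-sy-"):
		return "apikey", tok
	case strings.HasPrefix(tok, "SY-"):
		return "license", tok
	}
	return "", tok
}

// reserve debits n tokens against key if the day's total stays within limit.
// It returns the running total and whether the debit was applied.
func (p *proxyAuth) reserve(key string, limit, n int) (used int, ok bool) {
	p.mu.Lock()
	defer p.mu.Unlock()
	if today := p.now().UTC().Format("2006-01-02"); today != p.day {
		p.day, p.spent = today, map[string]int{} // hard reset at UTC midnight
	}
	if p.spent[key]+n > limit {
		return p.spent[key], false
	}
	p.spent[key] += n
	return p.spent[key], true
}

// authorize decides whether a /v1/* request may be forwarded. estTokens is
// the caller's upper bound for the request (prompt size plus max_tokens).
func (p *proxyAuth) authorize(authz string, estTokens int) decision {
	kind, tok := classifyBearer(authz)
	if kind == "license" {
		// The credential that opens the desktop must never spend provider tokens.
		return decision{Status: http.StatusUnauthorized, Reason: "license keys are not proxy credentials"}
	}
	acct, found := p.accounts[tok]
	if kind != "apikey" || !found {
		return decision{Status: http.StatusUnauthorized, Reason: "missing or unknown api key"}
	}
	if !acct.ProxyEnabled {
		return decision{Status: http.StatusForbidden, Reason: "proxy access not enabled for this key"}
	}
	used, ok := p.reserve(tok, acct.DailyCap, estTokens)
	d := decision{Status: http.StatusOK, Reason: "ok", Used: used, Alert: used*5 >= acct.DailyCap*4}
	if !ok {
		d.Status, d.Reason = http.StatusTooManyRequests, "daily token cap reached"
	}
	return d
}
```

The cap is enforced on the caller's own upper bound before the upstream call, so a burst of requests cannot overshoot it by more than one in-flight reservation; a real deployment would reconcile the estimate against the provider's reported usage afterwards and persist `spent` somewhere other than process memory.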