Tighten permissions comment on createApiKey

Drop the endpoint-scope tangent — the comment is about why we picked
this value, not about whether doc perms get enforced.

Author: premtsd-code

src/Migration/Destinations/Appwrite.php

@@ -3151,9 +3151,8 @@ protected function createApiKey(ApiKey $resource): bool
         try {
             $this->dbForPlatform->createDocument('keys', new UtopiaDocument([
                 '$id' => ID::unique(),
-                // SDK's Key model doesn't expose $permissions, so we can't read the source doc's perms.
-                // Mirror appwrite/appwrite's createKey controller default — `dbForPlatform.keys` is
-                // gated by endpoint scope, not document perms, so this is the upstream invariant.
+                // SDK's Key model doesn't expose $permissions, so we can't copy source perms through.
+                // Mirror appwrite/appwrite's createKey controller so migrated docs match natively-created keys.
                 '$permissions' => [
                     Permission::read(Role::any()),
                     Permission::update(Role::any()),