feat(server-ng): add expired personal access token cleaner

[krishvishal]

Summary

• Leader-gated. The cleaner is spawned on shard 0 of every node but a pass acts only when is_caught_up_primary() holds. The delete is a replicated mutation: the primary proposes once, every replica applies the commit. Independent per-node cleanup would race redundant proposals, and only the primary can commit.
• Sessionless consensus submit. submit_delete_personal_access_token_in_process is the first server-originated replicated metadata write. With no client session it cannot use the preflight-gated client path, so it mirrors submit_logout_in_process: skip request_preflight, use the reserved internal client id 0. get_session(0) is None, so the commit path skips commit_reply and its assert!(client_id != 0); the preflight and register asserts are never reached. Delete is idempotent, so dropping dedup is safe.
• Expiry-ordered index. Expired tokens are found by walking an expiry-sorted BTreeSet and stopping at the first not-yet-expired entry, so an idle tick is O(log n) instead of a full per-user scan.
• Shutdown. Purely periodic (compio::time::timeout); no metadata-commit wake needed. Stop is observed between tokens; an in-flight submit is not cancel-safe, so the current delete finishes rather than being cut, bounding
  shutdown to one submit.
• Rename RegisterSubmitError -> MetadataSubmitError: the error now covers register, logout, and PAT-delete submits.

[codecov]

Codecov Report

❌ Patch coverage is 29.72973% with 156 lines in your changes missing coverage. Please review.
✅ Project coverage is 24.10%. Comparing base (7bf1a24) to head (38d1541).

Files with missing lines	Patch %	Lines
core/metadata/src/impls/metadata.rs	0.00%	72 Missing ⚠️
...ore/server-ng/src/personal_access_token_cleaner.rs	0.00%	45 Missing ⚠️
core/server-ng/src/bootstrap.rs	0.00%	21 Missing ⚠️
core/metadata/src/stm/user.rs	82.27%	14 Missing ⚠️
core/server-ng/src/dispatch.rs	0.00%	4 Missing ⚠️

❌ Your patch check has failed because the patch coverage (29.72%) is below the target coverage (50.00%). You can increase the patch coverage or adjust the target coverage.

Additional details and impacted files

@@              Coverage Diff              @@
##             master    #3448       +/-   ##
=============================================
- Coverage     74.33%   24.10%   -50.23%     
  Complexity      943      943               
=============================================
  Files          1247     1245        -2     
  Lines        122232   107673    -14559     
  Branches      98504    83975    -14529     
=============================================
- Hits          90858    25957    -64901     
- Misses        28413    81037    +52624     
+ Partials       2961      679     -2282     

Components	Coverage Δ
Rust Core	10.48% <29.72%> (-64.97%)	⬇️
Java SDK	58.44% <ø> (ø)
C# SDK	69.43% <ø> (-0.50%)	⬇️
Python SDK	81.06% <ø> (ø)
PHP SDK	83.57% <ø> (ø)
Node SDK	91.34% <ø> (+0.12%)	⬆️
Go SDK	40.25% <ø> (ø)

Files with missing lines	Coverage Δ
core/server-ng/src/login_register.rs	55.55% <100.00%> (ø)
core/shard/src/lib.rs	78.69% <ø> (ø)
core/server-ng/src/dispatch.rs	0.00% <0.00%> (ø)
core/metadata/src/stm/user.rs	57.65% <82.27%> (+5.11%)	⬆️
core/server-ng/src/bootstrap.rs	7.43% <0.00%> (-0.10%)	⬇️
...ore/server-ng/src/personal_access_token_cleaner.rs	0.00% <0.00%> (ø)
core/metadata/src/impls/metadata.rs	33.21% <0.00%> (-2.03%)	⬇️

... and 677 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.