[fga] more FGA checks and service use

[svenefftinge]

Description

Summary generated by Copilot

🤖 Generated by Copilot at 3ac3eb7

This pull request implements the user deletion feature and refactors some of the server components to improve authorization and code quality. It adds a new delete permission to the UserPermission type and the User schema in SpiceDB, and uses the Authorizer and the WorkspaceService for permission checks and workspace operations. It also adds new tests for the WorkspaceService methods and refactors some of the existing code to use dependency injection and remove redundancy.

Related Issue(s)

Fixes #

How to test

Documentation

Preview status

gitpod:summary

Build Options

Build

• /werft with-werft
  Run the build with werft instead of GHA
• leeway-no-cache
• /werft no-test
  Run Leeway with --dont-test

Publish

• /werft publish-to-npm
• /werft publish-to-jb-marketplace

Installer

• analytics=segment
• with-dedicated-emulation
• workspace-feature-flags
  Add desired feature flags to the end of the line above, space separated

Preview Environment / Integration Tests

• /werft with-local-preview
  If enabled this will build install/preview
• /werft with-preview
• /werft with-large-vm
• /werft with-gce-vm
  If enabled this will create the environment on GCE infra
• with-integration-tests=all
  Valid options are all, workspace, webapp, ide, jetbrains, vscode, ssh. If enabled, with-preview and with-large-vm will be enabled.
• with-monitoring

/hold

[svenefftinge]

@geropl I deleted this here because it happens as part of deleteWorkspace below.

[geropl]

Only difference I see is the "delete via API" is replaced by "deleted via WorkspaceService". But not sure how we used that anyway. 👍

[geropl]

Taking a closer look now 👀

[geropl]

Code LGTM, and tests are 🟢 : ✔️

[geropl]

@svenefftinge Would be awesome if you could merge this soon so I can rebase 🚀 🤓 🙏

[svenefftinge]

/unhold