refactor: remove backward compatibility layer for permissions

- Delete app/core/permissions.py (VendorPermissions enum, PermissionGroups)
- Update all code to use permission_discovery_service directly:
  - app/api/deps.py: get_user_permissions() uses discovery service
  - app/modules/tenancy/models/vendor.py: get_all_permissions() uses discovery
  - app/modules/tenancy/routes/api/vendor_team.py: use string literals
  - app/modules/tenancy/services/vendor_team_service.py: use discovery service
  - scripts/init_production.py: use discovery service for presets

Permissions are now fully module-driven:
- Each module defines permissions in definition.py
- PermissionDiscoveryService aggregates all permissions
- Role presets reference permission IDs directly

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

app/api/deps.py

@@ -1027,7 +1027,7 @@ def require_vendor_permission(permission: str):
         @router.get("/products")
         def list_products(
             request: Request,
-            user: UserContext = Depends(require_vendor_permission(VendorPermissions.PRODUCTS_VIEW.value))
+            user: UserContext = Depends(require_vendor_permission("products.view"))
         ):
             vendor = request.state.vendor  # Vendor is set by this dependency
             ...
@@ -1122,8 +1122,8 @@ def require_any_vendor_permission(*permissions: str):
         def dashboard(
             request: Request,
             user: UserContext = Depends(require_any_vendor_permission(
-                VendorPermissions.DASHBOARD_VIEW.value,
-                VendorPermissions.REPORTS_VIEW.value
+                "dashboard.view",
+                "reports.view"
             ))
         ):
             vendor = request.state.vendor  # Vendor is set by this dependency
@@ -1178,8 +1178,8 @@ def require_all_vendor_permissions(*permissions: str):
         def bulk_delete_products(
             request: Request,
             user: UserContext = Depends(require_all_vendor_permissions(
-                VendorPermissions.PRODUCTS_VIEW.value,
-                VendorPermissions.PRODUCTS_DELETE.value
+                "products.view",
+                "products.delete"
             ))
         ):
             vendor = request.state.vendor  # Vendor is set by this dependency
@@ -1254,9 +1254,11 @@ def get_user_permissions(
 
     # If owner, return all permissions
     if user_model.is_owner_of(vendor.id):
-        from app.core.permissions import VendorPermissions
+        from app.modules.tenancy.services.permission_discovery_service import (
+            permission_discovery_service,
+        )
 
-        return [p.value for p in VendorPermissions]
+        return list(permission_discovery_service.get_all_permission_ids())
 
     # Get permissions from vendor membership
     for vm in user_model.vendor_memberships: