refactor: remove backward compatibility layer for permissions

- Delete app/core/permissions.py (VendorPermissions enum, PermissionGroups)
- Update all code to use permission_discovery_service directly:
  - app/api/deps.py: get_user_permissions() uses discovery service
  - app/modules/tenancy/models/vendor.py: get_all_permissions() uses discovery
  - app/modules/tenancy/routes/api/vendor_team.py: use string literals
  - app/modules/tenancy/services/vendor_team_service.py: use discovery service
  - scripts/init_production.py: use discovery service for presets

Permissions are now fully module-driven:
- Each module defines permissions in definition.py
- PermissionDiscoveryService aggregates all permissions
- Role presets reference permission IDs directly

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

app/modules/tenancy/models/vendor.py

@@ -525,10 +525,12 @@ class VendorUser(Base, TimestampMixin):
     def get_all_permissions(self) -> list:
         """Get all permissions this user has."""
         if self.is_owner:
-            # Return all possible permissions
-            from app.core.permissions import VendorPermissions
+            # Return all possible permissions from discovery service
+            from app.modules.tenancy.services.permission_discovery_service import (
+                permission_discovery_service,
+            )
 
-            return list(VendorPermissions.__members__.values())
+            return list(permission_discovery_service.get_all_permission_ids())
 
         if self.role and self.role.permissions:
             return self.role.permissions

app/modules/tenancy/routes/api/vendor_team.py

@@ -22,7 +22,8 @@ from app.api.deps import (
     require_vendor_permission,
 )
 from app.core.database import get_db
-from app.core.permissions import VendorPermissions
+# Permission IDs are now defined in module definition.py files
+# and discovered by PermissionDiscoveryService
 from app.modules.tenancy.services.vendor_team_service import vendor_team_service
 from models.schema.auth import UserContext
 from app.modules.tenancy.schemas.team import (
@@ -55,7 +56,7 @@ def list_team_members(
     include_inactive: bool = False,
     db: Session = Depends(get_db),
     current_user: UserContext = Depends(
-        require_vendor_permission(VendorPermissions.TEAM_VIEW.value)
+        require_vendor_permission("team.view")
     ),
 ):
     """
@@ -221,7 +222,7 @@ def get_team_member(
     request: Request,
     db: Session = Depends(get_db),
     current_user: UserContext = Depends(
-        require_vendor_permission(VendorPermissions.TEAM_VIEW.value)
+        require_vendor_permission("team.view")
     ),
 ):
     """
@@ -370,7 +371,7 @@ def list_roles(
     request: Request,
     db: Session = Depends(get_db),
     current_user: UserContext = Depends(
-        require_vendor_permission(VendorPermissions.TEAM_VIEW.value)
+        require_vendor_permission("team.view")
     ),
 ):
     """
@@ -439,7 +440,7 @@ def get_team_statistics(
     request: Request,
     db: Session = Depends(get_db),
     current_user: UserContext = Depends(
-        require_vendor_permission(VendorPermissions.TEAM_VIEW.value)
+        require_vendor_permission("team.view")
     ),
 ):
     """

app/modules/tenancy/services/vendor_team_service.py

@@ -16,7 +16,14 @@ from typing import Any
 
 from sqlalchemy.orm import Session
 
-from app.core.permissions import get_preset_permissions
+from app.modules.tenancy.services.permission_discovery_service import (
+    permission_discovery_service,
+)
+
+
+def get_preset_permissions(preset_name: str) -> set[str]:
+    """Get permissions for a preset role."""
+    return permission_discovery_service.get_preset_permissions(preset_name)
 from app.modules.tenancy.exceptions import (
     CannotRemoveOwnerException,
     InvalidInvitationTokenException,