[Deprecation] `master.allow-header-cert-info` Setting

[silug]

Summary

The master.allow-header-cert-info setting is explicitly deprecated and superseded by authorization.allow-header-cert-info.

Evidence

• src/clj/puppetlabs/services/request_handler/request_handler_service.clj:30 logs: setting is deprecated and will be ignored in favor of authorization.allow-header-cert-info.
• src/clj/puppetlabs/services/request_handler/request_handler_service.clj:31 instructs users to remove the old setting.

Proposed OpenVox Server 9 Change

• Remove support for reading master.allow-header-cert-info.
• Remove related warning path once old key is rejected.
• Keep only authorization.allow-header-cert-info.

Compatibility / Risk

• Medium risk for installations still carrying the old master key.
• Migration is straightforward and already documented in warning text.

Implementation Notes

• Validate config at startup and fail fast (or hard-warn) if old key is present.
• Update sample configs/docs to remove old key references.

Acceptance Criteria

• master.allow-header-cert-info is no longer honored.
• Server behavior is controlled only by authorization.allow-header-cert-info.
• No stale warning text about this migration remains once removal is complete.

Suggested Tests

• Config validation tests for old key presence.
• Request-handler tests verifying only authorization namespace key controls behavior.

[silug]

Deprecated in 7f9fc3f.