[Deprecation] `puppet-admin` `client-whitelist` / `authorization-required` Settings

[silug]

Summary

client-whitelist and authorization-required in the puppet-admin section are explicitly deprecated and marked for future removal.

Evidence

• src/clj/puppetlabs/services/puppet_admin/puppet_admin_service.clj:27 warns these settings are deprecated and will be removed.
• src/clj/puppetlabs/services/puppet_admin/puppet_admin_service.clj:31 repeats warning and states settings may be ignored in some combinations.

Proposed OpenVox Server 9 Change

• Remove puppet-admin support for client-whitelist and authorization-required.
• Require authorization via conf.d/auth.conf rules.

Compatibility / Risk

• Medium to high risk for deployments relying on inline whitelist authorization in this section.
• Requires explicit auth.conf rule migration.

Implementation Notes

• Remove parsing/usage paths in puppet-admin service/core for these fields.
• Update docs and default config examples with migration guidance.

Acceptance Criteria

• Deprecated puppet-admin auth settings are no longer accepted.
• Puppet Admin endpoints authorize exclusively via configured authorization rules.
• Warning paths for deprecated settings are removed after feature removal.

Suggested Tests

• Startup/config tests for removed keys.
• Endpoint authorization tests validating auth.conf-driven behavior.

[silug]

Deprecated in 40d9f11.