Split databases and Redis — prepare infrastructure for per-domain isolation

Redis: per-app DB index (0-5) with shared auth DB 15 for SSO keys;
flushdb replaces flushall so deploys don't wipe cross-app auth state.

Postgres: drop 13 cross-domain FK constraints (migration v2t0p8q9r0),
remove dead ORM relationships, add explicit joins for 4 live ones.
Multi-engine sessions (account + federation) ready for per-domain DBs
via DATABASE_URL_ACCOUNT / DATABASE_URL_FEDERATION env vars.

All URLs initially point to the same appdb — zero behaviour change
until split-databases.sh is run to migrate data to per-domain DBs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

shared/infrastructure/auth_redis.py

@@ -0,0 +1,37 @@
+"""Shared auth Redis connection (DB 15).
+
+All cross-app auth keys live here so that per-app FLUSHDB on deploy
+doesn't wipe SSO state:
+  - did_auth:{device_id}   — login signal timestamp
+  - grant:{grant_token}    — grant validity cache (ok/revoked)
+  - prompt:{app}:{device_id} — prompt=none cooldown
+"""
+from __future__ import annotations
+
+import os
+
+from redis import asyncio as aioredis
+
+_AUTH_REDIS_URL = os.getenv("REDIS_AUTH_URL", "redis://redis:6379/15")
+
+_auth_redis: aioredis.Redis | None = None
+
+
+async def get_auth_redis() -> aioredis.Redis:
+    """Return the shared auth Redis connection (lazy init)."""
+    global _auth_redis
+    if _auth_redis is None:
+        _auth_redis = aioredis.Redis.from_url(
+            _AUTH_REDIS_URL,
+            encoding="utf-8",
+            decode_responses=False,
+        )
+    return _auth_redis
+
+
+async def close_auth_redis() -> None:
+    """Close the auth Redis connection (call on app shutdown)."""
+    global _auth_redis
+    if _auth_redis is not None:
+        await _auth_redis.close()
+        _auth_redis = None